CVE-2019-9516

Name
CVE-2019-9516
Description
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Mailing List https://seclists.org/bugtraq/2019/Aug/24
Third Party Advisory https://usn.ubuntu.com/4099-1/
Mailing List http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Third Party Advisory https://support.f5.com/csp/article/K02591030
Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
Mailing List https://seclists.org/bugtraq/2019/Aug/40
Third Party Advisory https://www.debian.org/security/2019/dsa-4505
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0002/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2746
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2745
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2775
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2799
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2946
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2950
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2966
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
Third Party Advisory https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3935
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3933
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3932
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
cret@cert.org https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:* swiftnio >= 1.0.0 <= 1.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
nodejs edge-main 10.16.3-r0 None fixed
nodejs 3.22-main 10.16.3-r0 None fixed
nodejs 3.21-main 10.16.3-r0 None fixed
nodejs 3.20-main 10.16.3-r0 None fixed
nodejs 3.19-main 10.16.3-r0 None fixed
nodejs 3.18-main 10.16.3-r0 None fixed
nodejs 3.17-main 10.16.3-r0 None fixed
nodejs 3.12-main 10.16.3-r0 None fixed
nodejs 3.11-main 10.16.3-r0 None fixed
nodejs 3.10-main 10.16.3-r0 None fixed
nginx edge-main 1.16.1-r0 None fixed
nginx 3.22-main 1.16.1-r0 None fixed
nginx 3.21-main 1.16.1-r0 None fixed
nginx 3.20-main 1.16.1-r0 None fixed
nginx 3.19-main 1.16.1-r0 None fixed
nginx 3.18-main 1.16.1-r0 None fixed
nginx 3.17-main 1.16.1-r0 None fixed
nginx 3.12-main 1.16.1-r0 None fixed
nginx 3.11-main 1.16.1-r0 None fixed
nginx 3.10-main 1.16.1-r0 None fixed