CVE-2019-9518

Name
CVE-2019-9518
Description
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
NVD Severity
unknown

References

Type URI
Third Party Advisory https://kb.cert.org/vuls/id/605641/
Third Party Advisory https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Mailing List https://seclists.org/bugtraq/2019/Aug/24
Mailing List http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory https://www.synology.com/security/advisory/Synology_SA_19_33
Third Party Advisory https://support.f5.com/csp/article/K46011592
Issue Tracking https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3Cusers.trafficserver.apache.org%3E
Issue Tracking https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3Cannounce.trafficserver.apache.org%3E
Issue Tracking https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3Cdev.trafficserver.apache.org%3E
Third Party Advisory https://security.netapp.com/advisory/ntap-20190823-0005/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Third Party Advisory https://www.debian.org/security/2019/dsa-4520
Mailing List https://seclists.org/bugtraq/2019/Sep/18
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Third Party Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2939
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2955
Third Party Advisory https://support.f5.com/csp/article/K46011592?utm_source=f5support&utm_medium=RSS
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:3892
Mailing List https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
Third Party Advisory https://access.redhat.com/errata/RHSA-2019:4352
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0727
Mailing List https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3Ccommits.cassandra.apache.org%3E
Mailing List https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3Ccommits.cassandra.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E
cret@cert.org https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
cret@cert.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
cret@cert.org https://support.f5.com/csp/article/K46011592?utm_source=f5support&amp%3Butm_medium=RSS

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:* swiftnio >= 1.0.0 <= 1.4.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status