Launchpad CVE tracker

CVE 2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

See the

CVE page on Mitre.org for more details.

References

CERT-VN: VU#605641
MISC: https://github.com/Net...
BUGTRAQ: 20190814 APPLE-SA-2019...
UBUNTU: USN-4099-1
FULLDISC: 20190816 APPLE-SA-2019...
CONFIRM: https://www.synology.c...
CONFIRM: https://support.f5.com...
FEDORA: FEDORA-2019-befd924cfe
BUGTRAQ: 20190822 [SECURITY] [D...
CONFIRM: https://security.netap...
CONFIRM: https://security.netap...
DEBIAN: DSA-4505
FEDORA: FEDORA-2019-5a6a7bc12c
FEDORA: FEDORA-2019-6a2980de56
FEDORA: FEDORA-2019-4427fd65be
FEDORA: FEDORA-2019-63ba15cc83
FEDORA: FEDORA-2019-7a0b45fdc4
CONFIRM: https://kc.mcafee.com/...
SUSE: openSUSE-SU-2019:2114
SUSE: openSUSE-SU-2019:2115
SUSE: openSUSE-SU-2019:2120
REDHAT: RHSA-2019:2745
REDHAT: RHSA-2019:2746
REDHAT: RHSA-2019:2775
REDHAT: RHSA-2019:2799
REDHAT: RHSA-2019:2925
REDHAT: RHSA-2019:2939
REDHAT: RHSA-2019:2946
REDHAT: RHSA-2019:2950
REDHAT: RHSA-2019:2955
REDHAT: RHSA-2019:2966
SUSE: openSUSE-SU-2019:2264
CONFIRM: https://support.f5.com...
REDHAT: RHSA-2019:3932
REDHAT: RHSA-2019:3933
REDHAT: RHSA-2019:3935
FEDORA: FEDORA-2021-d5b2c18fe6

Launchpad.net

CVE 2019-9516

Related bugs

References