Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-9518

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

See the

CVE page on Mitre.org for more details.

References

CERT-VN: VU#605641
MISC: https://github.com/Net...
BUGTRAQ: 20190814 APPLE-SA-2019...
FULLDISC: 20190816 APPLE-SA-2019...
CONFIRM: https://www.synology.c...
CONFIRM: https://support.f5.com...
MLIST: [trafficserver-announc...
MLIST: [trafficserver-dev] 20...
MLIST: [trafficserver-users] ...
CONFIRM: https://security.netap...
FEDORA: FEDORA-2019-5a6a7bc12c
FEDORA: FEDORA-2019-6a2980de56
BUGTRAQ: 20190910 [SECURITY] [D...
CONFIRM: https://kc.mcafee.com/...
DEBIAN: DSA-4520
SUSE: openSUSE-SU-2019:2114
SUSE: openSUSE-SU-2019:2115
REDHAT: RHSA-2019:2925
REDHAT: RHSA-2019:2939
REDHAT: RHSA-2019:2955
CONFIRM: https://support.f5.com...
REDHAT: RHSA-2019:3892
MLIST: [druid-commits] 201911...
REDHAT: RHSA-2019:4352
REDHAT: RHSA-2020:0727
MLIST: [cassandra-commits] 20...
MLIST: [cassandra-commits] 20...

Launchpad.net

CVE 2019-9518

Related bugs

References