Do your applications use this vulnerable package?
Test your applications
Overview
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
References
- ADVISORY
- BUGTRAQ
- Bugtraq Mailing List
- CERT-VN
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- DEBIAN
- DEBIAN
- Debian Security Advisory
- Debian Security Tracker
- FEDORA
- Fedora Security Update
- Fedora Security Update
- Fedora Security Update
- Fedora Security Update
- Fedora Security Update
- MISC
- MISC
- MISC
- Netapp Security Advisory
- Netapp Security Advisory
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- REDHAT
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
CVSS Score
7.5
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2019-9513
- CWE
- CWE-400
- Snyk ID
- SNYK-ALPINE310-NGHTTP2-490423
- Disclosed
- 13 Aug, 2019
- Published
- 13 Aug, 2019