1. Home
  2. Vulnerabilities
  3. CVE-2019-9512

CVE-2019-9512

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 7.8 (High)
78% Progress
EPSS 14.94 % (96th)
14.94% Progress
Affected Products 6
Advisories 53
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
Related CVEs
CVE Status
PUBLISHED
CNA
CERT/CC
Published Date
2019-08-13 21:15:12
(5 years ago)
Updated Date
2023-11-07 03:13:41
(10 months ago)

Affected Products

Apache

Apple

Canonical

Debian

Nodejs

Configuration #1

AND
    CPE23 From Up To
OR  
  Apple Swiftnio from 1.0.0 version and 1.4.0 and prior versions cpe:2.3:a:apple:swiftnio >= 1.0.0 <= 1.4.0
OR  
  Running on/with
  Apple Mac Os X from 10.12 version cpe:2.3:o:apple:mac_os_x >= 10.12
OR  
  Running on/with
  Canonical Ubuntu Linux from 14.04 version cpe:2.3:o:canonical:ubuntu_linux >= 14.04

Configuration #2

    CPE23 From Up To
  Apache Traffic Server from 6.0.0 version and 6.2.3 and prior versions cpe:2.3:a:apache:traffic_server >= 6.0.0 <= 6.2.3
  Apache Traffic Server from 7.0.0 version and 7.1.6 and prior versions cpe:2.3:a:apache:traffic_server >= 7.0.0 <= 7.1.6
  Apache Traffic Server from 8.0.0 version and 8.0.3 and prior versions cpe:2.3:a:apache:traffic_server >= 8.0.0 <= 8.0.3

Configuration #3

    CPE23 From Up To
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

    CPE23 From Up To
  Nodejs Node.js from 8.0.0 version and 8.8.1 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 8.0.0 <= 8.8.1
  Nodejs Node.js from 8.9.0 version and prior 8.16.1 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 8.9.0 < 8.16.1
  Nodejs Node.js from 10.0.0 version and 10.12.0 and prior versions cpe:2.3:a:nodejs:node.js::*:*:*:- >= 10.0.0 <= 10.12.0
  Nodejs Node.js from 10.13.0 version and prior 10.16.3 version cpe:2.3:a:nodejs:node.js::*:*:*:lts >= 10.13.0 < 10.16.3
  Nodejs Node.js from 12.0.0 version and prior 12.8.1 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 12.0.0 < 12.8.1