CVE-2019-9516
CVSS v3.1
6.5 (Medium)
CVSS v2.0
6.8 (Medium)
EPSS
0.70 % (81th)
Affected Products
22
Advisories
38
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- CERT/CC
- Published Date
-
2019-08-13 21:15:12
(5 years ago) - Updated Date
-
2023-11-07 03:13:42
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
AND |
|
---|
Configuration #7
|
Configuration #8
|
Configuration #9
|
Configuration #10
|
Configuration #11
|
Configuration #12
|
Configuration #13
|
Configuration #14
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...