CVE-2019-9512
Severity
7.5HIGH
EPSS
51.2%
top 2.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateAug 1
Description
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages9 packages
Also affects: Debian Linux 10.0
🔴Vulnerability Details
9📋Vendor Advisories
6💬Community
14Bugzilla▶
CVE-2019-9512 undertow: HTTP/2: flood using PING frames results in unbounded memory growth [fedora-all]↗2019-09-03
Bugzilla▶
CVE-2019-9512 kubernetes: HTTP/2: flood using PING frames results in unbounded memory growth [fedora-all]↗2019-08-26
Bugzilla▶
CVE-2019-9512 nginx: HTTP/2: flood using PING frames results in unbounded memory growth [epel-all]↗2019-08-16
Bugzilla▶
CVE-2019-9512 nodejs: HTTP/2: flood using PING frames results in unbounded memory growth [fedora-all]↗2019-08-16
Bugzilla▶
CVE-2019-9512 nodejs: http/2: HTTP/2 flood using PING frames results in unbounded memory growth [epel-all]↗2019-08-16