Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2019-9514HistoryAug 13, 2019 - 9:15 p.m.
CVE-2019-9514
2019-08-1321:15:12
Debian Security Bug Tracker
security-tracker.debian.org
23
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.821 High
EPSS
Percentile
98.4%
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | h2o | < 2.2.5+dfsg2-3 | h2o_2.2.5+dfsg2-3_all.deb |
| Debian | 11 | all | h2o | < 2.2.5+dfsg2-3 | h2o_2.2.5+dfsg2-3_all.deb |
| Debian | 999 | all | h2o | < 2.2.5+dfsg2-3 | h2o_2.2.5+dfsg2-3_all.deb |
| Debian | 13 | all | h2o | < 2.2.5+dfsg2-3 | h2o_2.2.5+dfsg2-3_all.deb |
| Debian | 12 | all | nodejs | < 10.16.3~dfsg-1 | nodejs_10.16.3~dfsg-1_all.deb |
| Debian | 11 | all | nodejs | < 10.16.3~dfsg-1 | nodejs_10.16.3~dfsg-1_all.deb |
| Debian | 999 | all | nodejs | < 10.16.3~dfsg-1 | nodejs_10.16.3~dfsg-1_all.deb |
| Debian | 13 | all | nodejs | < 10.16.3~dfsg-1 | nodejs_10.16.3~dfsg-1_all.deb |
| Debian | 12 | all | rust-h2 | <= 0.3.13-2 | rust-h2_0.3.13-2_all.deb |
| Debian | 999 | all | rust-h2 | < 0.3.24-1 | rust-h2_0.3.24-1_all.deb |
Related
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2022-05-24 00:00:00
Allocation of Resources Without Limits or Throttling
2022-05-24 00:00:00
f5
f5
K01988340 : HTTP/2 Reset Flood vulnerability CVE-2019-9514
2019-08-20 00:00:00
prion
prion
Design/Logic Flaw
2019-08-13 21:15:00
alpinelinux
alpinelinux
CVE-2019-9514
2019-08-13 21:15:12
cgr
cgr
CVE-2019-9514 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
nessus
nessus
F5 Networks BIG-IP : HTTP/2 Reset Flood vulnerability (K01988340)
2019-09-25 00:00:00
RHEL 7 : OpenShift Container Platform 3.11 HTTP/2 (RHSA-2019:3906) (Ping Flood) (Reset Flood)
2019-11-20 00:00:00
CentOS 8 : container-tools:1.0 (CESA-2019:4273)
2021-01-29 00:00:00
github
github
golang.org/x/net/http vulnerable to a reset flood
2022-05-24 16:53:19
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
2022-03-14 22:45:11
osv
osv
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
2024-01-17 12:00:00
Reset flood in net/http and golang.org/x/net/http
2022-08-01 22:20:53
golang.org/x/net/http vulnerable to ping floods
2022-05-24 16:53:17
nvd
nvd
CVE-2019-9514
2019-08-13 21:15:12
CVE-2019-14990
2019-08-13 18:15:12
redhatcve
redhatcve
CVE-2019-9514
2021-08-01 15:46:55
wolfi
wolfi
CVE-2019-9514 vulnerabilities
2024-07-03 09:08:38
mscve
mscve
HTTP/2 Server Denial of Service Vulnerability
2019-08-13 07:00:00
veracode
veracode
Denial Of Service (DoS) Via Reset Signal Floods
2019-09-04 12:13:52
cvelist
cvelist
cve
cve
CVE-2019-9514
2019-08-13 21:15:12
CVE-2019-14990
2019-08-13 18:15:12
symantec
symantec
Microsoft Windows 'HTTP.sys' CVE-2019-9514 Denial of Service Vulnerability
2019-08-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1
2019-09-26 00:00:00
Security fix for the ALT Linux 10 package traefik version 1.7.14-alt1
2019-08-23 00:00:00
Security fix for the ALT Linux 10 package golang version 1.12.9-alt1
2019-08-19 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2019:4273) Important: container-tools:1.0 security update
2019-12-17 09:20:02
(RHSA-2019:2726) Important: go-toolset:rhel8 security and bug fix update
2019-09-10 10:40:48
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0468)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2485-1)
2020-12-09 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-1967)
2020-01-23 00:00:00
amazon
amazon
Important: golang
2019-08-23 03:20:00
Important: golang
2019-08-23 16:58:00
freebsd
freebsd
traefik -- Denial of service in HTTP/2
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
almalinux
almalinux
Important: container-tools:1.0 security update
2019-12-17 09:20:02
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
rocky
rocky
container-tools:1.0 security update
2019-12-17 09:20:02
container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
oraclelinux
oraclelinux
go-toolset:rhel8 security and bug fix update
2019-09-17 00:00:00
container-tools:1.0 security update
2020-01-03 00:00:00
container-tools:ol8 security and bug fix update
2020-04-15 00:00:00
debian
debian
[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
2020-12-08 22:15:45
[SECURITY] [DSA 4508-1] h2o security update
2019-08-24 14:44:01
[SECURITY] [DSA 4503-1] golang-1.11 security update
2019-08-18 18:25:11
ubuntucve
ubuntucve
CVE-2019-9514
2019-08-13 00:00:00
mageia
mageia
Updated golang-googlecode-net package fixes security vulnerabilities
2020-12-22 00:47:06
Updated golang packages fix security vulnerabilities
2019-09-07 00:09:08
suse
suse
Security update for go1.12 (moderate)
2019-09-07 00:00:00
Security update for go1.12 (moderate)
2019-09-14 00:00:00
Security update for go1.12 (important)
2019-08-24 00:00:00
archlinux
archlinux
[ASA-201908-15] go: multiple issues
2019-08-24 00:00:00
[ASA-201908-16] go-pie: multiple issues
2019-08-24 00:00:00
arista
arista
Security Advisory 0043
2019-11-06 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30
2019-09-06 12:35:05
[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30
2019-10-09 16:54:30
[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30
2019-11-12 02:09:13
ubuntu
ubuntu
Netty vulnerabilities
2021-06-29 00:00:00
apple
apple
About the security content of SwiftNIO HTTP/2 1.5.0
2019-08-13 00:00:00
About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support
2019-08-13 06:09:21
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0298
2022-12-14 00:00:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.821 High
EPSS
Percentile
98.4%
Related for DEBIANCVE:CVE-2019-9514