Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. (CVE-2019-9512)

Impact

The BIG-IP system may exhaust available resources and fail over to another system in the device group.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-ip afmeq11.5.10
big-ip afmeq11.5.2

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-ip afm	eq	11.5.10
big-ip afm	eq	11.5.2

Rows per page:

1-10 of 2921

mscve 1

cvelist 1

cgr 1

symantec 1

github 3

debiancve 1

wolfi 1

gitlab 2

cve 2

alpinelinux 1

veracode 1

redhatcve 1

prion 1

cbl_mariner 1

nvd 2

nessus 56

redhat 24

osv 16

openvas 19

amazon 2

freebsd 4

almalinux 2

altlinux 3

rocky 2

mageia 2

ibm 23

oraclelinux 6

debian 4

ubuntucve 1

suse 5

archlinux 2

arista 1

fedora 3

ubuntu 1

apple 2

photon 1

mscve

HTTP/2 Server Denial of Service Vulnerability

2019-08-13 07:00:00

cvelist

CVE-2019-9512 Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service

2019-08-13 20:50:59

cgr

CVE-2019-9512 vulnerabilities

2024-05-19 03:07:16

symantec

Microsoft Windows 'HTTP.sys' CVE-2019-9512 Denial of Service Vulnerability

2019-08-13 00:00:00

github

golang.org/x/net/http vulnerable to ping floods

2022-05-24 16:53:17

Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

2024-05-01 16:40:49

HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods

2022-03-14 22:45:11

debiancve

CVE-2019-9512

2019-08-13 21:15:12

wolfi

CVE-2019-9512 vulnerabilities

2024-07-03 09:08:38

gitlab

Uncontrolled Resource Consumption

2022-05-24 00:00:00

Uncontrolled Resource Consumption

2022-05-24 00:00:00

cve

CVE-2019-9512

2019-08-13 21:15:12

CVE-2019-14988

2019-08-13 18:15:12

alpinelinux

CVE-2019-9512

2019-08-13 21:15:12

veracode

Denial Of Service (DoS) Via Ping Floods

2019-09-04 08:20:27

redhatcve

CVE-2019-9512

2022-05-14 11:32:54

prion

Design/Logic Flaw

2019-08-13 21:15:00

cbl_mariner

CVE-2019-9512 affecting package python-tensorboard for versions less than 2.16.2-1

2024-05-17 21:38:35

nvd

CVE-2019-9512

2019-08-13 21:15:12

CVE-2019-14988

2019-08-13 18:15:12

nessus

F5 Networks BIG-IP : HTTP/2 Ping Flood vulnerability (K98053339)

2019-09-25 00:00:00

Amazon Linux 2 : golang (ALAS-2019-1272) (Ping Flood) (Reset Flood)

2019-08-28 00:00:00

RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661)

2019-09-11 00:00:00

redhat

(RHSA-2019:4273) Important: container-tools:1.0 security update

2019-12-17 09:20:02

(RHSA-2019:2726) Important: go-toolset:rhel8 security and bug fix update

2019-09-10 10:40:48

(RHSA-2019:3906) Important: OpenShift Container Platform 3.11 HTTP/2 security update

2019-11-18 16:18:29

osv

Important: container-tools:1.0 security update

2019-12-17 09:20:02

golang-golang-x-net-dev - security update

2020-12-09 00:00:00

Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

2024-05-01 16:40:49

openvas

Mageia: Security Advisory (MGASA-2020-0468)

2022-01-28 00:00:00

Debian: Security Advisory (DLA-2485-1)

2020-12-09 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-1967)

2020-01-23 00:00:00

amazon

Important: golang

2019-08-23 03:20:00

Important: golang

2019-08-23 16:58:00

freebsd

traefik -- Denial of service in HTTP/2

2019-08-13 00:00:00

h2o -- multiple HTTP/2 vulnerabilities

2019-08-13 00:00:00

h2o -- multiple HTTP/2 vulnerabilities

2019-08-13 00:00:00

almalinux

Important: container-tools:1.0 security update

2019-12-17 09:20:02

Important: container-tools:rhel8 security and bug fix update

2019-12-17 09:19:28

altlinux

Security fix for the ALT Linux 10 package traefik version 1.7.14-alt1

2019-08-23 00:00:00

Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1

2019-09-26 00:00:00

Security fix for the ALT Linux 10 package golang version 1.12.9-alt1

2019-08-19 00:00:00

rocky

container-tools:1.0 security update

2019-12-17 09:20:02

container-tools:rhel8 security and bug fix update

2019-12-17 09:19:28

mageia

Updated golang-googlecode-net package fixes security vulnerabilities

2020-12-22 00:47:06

Updated golang packages fix security vulnerabilities

2019-09-07 00:09:08

ibm

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)

2019-09-04 10:55:08

Security Bulletin: IBM MQ Certified Container is vulnerable to multiple vulnerabilities in Golang (CVE-2019-9512, CVE-2019-9514)

2019-12-19 15:33:23

Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision

2020-01-08 04:40:42

oraclelinux

go-toolset:rhel8 security and bug fix update

2019-09-17 00:00:00

container-tools:1.0 security update

2020-01-03 00:00:00

container-tools:ol8 security and bug fix update

2020-04-15 00:00:00

debian

[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update

2020-12-08 22:15:45

[SECURITY] [DSA 4508-1] h2o security update

2019-08-24 14:44:01

[SECURITY] [DSA 4503-1] golang-1.11 security update

2019-08-18 18:25:11

ubuntucve

CVE-2019-9512

2019-08-13 00:00:00

suse

Security update for go1.12 (moderate)

2019-09-07 00:00:00

Security update for go1.12 (moderate)

2019-09-14 00:00:00

Security update for go1.12 (moderate)

2019-09-02 00:00:00

archlinux

[ASA-201908-15] go: multiple issues

2019-08-24 00:00:00

[ASA-201908-16] go-pie: multiple issues

2019-08-24 00:00:00

arista

Security Advisory 0043

2019-11-06 00:00:00

fedora

[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30

2019-09-06 12:35:05

[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30

2019-10-09 16:54:30

[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30

2019-11-12 02:09:13

ubuntu

Netty vulnerabilities

2021-06-29 00:00:00

apple

About the security content of SwiftNIO HTTP/2 1.5.0

2019-08-13 00:00:00

About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support

2019-08-13 06:09:21

photon

Important Photon OS Security Update - PHSA-2022-4.0-0298

2022-12-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.2 High

AI Score

Confidence

High

0.154 Low

EPSS

Percentile

95.9%

JSON

Related for F5:K98053339