CVE-2019-9512
high-risk
Published 2019-08-13
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Do I need to act?
!
51.2% chance of exploitation in next 30 days
EPSS score — higher than 49% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (5)
References (130)
Mailing List
http://seclists.org/fulldisclosure/2019/Aug/16
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2594
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2661
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2682
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2690
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2726
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2766
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2769
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2796
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2861
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939
and 110 more references
56
/ 100
high-risk
Severity
26/34 · High
Exploitability
18/34 · Moderate
Exposure
12/34 · Low