CVE-2019-9514

high-risk

Published 2019-08-13

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Do I need to act?

9.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Swiftnio

Traffic Server

Debian Linux

Ubuntu Linux

Debian Linux

Skynas

Diskstation Manager

Vs960Hd Firmware

Fedora

Leap

Developer Tools

Jboss Core Services

Jboss Enterprise Application Platform

Openshift Container Platform

Affected Vendors

Debian Redhat Apache Apple Oracle F5 Mcafee Canonical Fedoraproject Netapp Opensuse Synology Nodejs

References (134)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

Mailing List http://seclists.org/fulldisclosure/2019/Aug/16

Mailing List http://www.openwall.com/lists/oss-security/2019/08/20/1

http://www.openwall.com/lists/oss-security/2023/10/18/8

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2594

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2661

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2682

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2690

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2726

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2766

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2769

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2796

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2861

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2925

and 114 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 11/34 · Low

Exposure 24/34 · High