CVE-2019-9512

HIGH

Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

http://seclists.org/fulldisclosure/2019/Aug/16

http://www.openwall.com/lists/oss-security/2019/08/20/1

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md

https://kb.cert.org/vuls/id/605641/

https://lists.apache.org/thread.html/[email protected]%3Cusers.trafficserver.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.trafficserver.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.trafficserver.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/

https://lists.fedoraproject.org/archives/list/[email protected]/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/

https://lists.fedoraproject.org/archives/list/[email protected]/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/

https://seclists.org/bugtraq/2019/Aug/24

https://seclists.org/bugtraq/2019/Aug/31

https://seclists.org/bugtraq/2019/Aug/43

https://security.netapp.com/advisory/ntap-20190823-0001/

https://security.netapp.com/advisory/ntap-20190823-0004/

https://security.netapp.com/advisory/ntap-20190823-0005/

https://support.f5.com/csp/article/K98053339

https://www.debian.org/security/2019/dsa-4503

https://www.debian.org/security/2019/dsa-4508

https://www.synology.com/security/advisory/Synology_SA_19_33

Details

Source: MITRE

Published: 2019-08-13

Updated: 2019-08-23

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*

ID	Name	Product	Family	Severity
129995	RHEL 7 / 8 : OpenShift Container Platform 4.1.20 golang (RHSA-2019:3131) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
129514	Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Oracle Linux Local Security Checks	high
129480	RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Red Hat Local Security Checks	high
129437	EulerOS 2.0 SP8 : golang (EulerOS-SA-2019-2078)	Nessus	Huawei Local Security Checks	high
129318	F5 Networks BIG-IP : HTTP/2 Ping Flood vulnerability (K98053339) (Ping Flood)	Nessus	F5 Networks Local Security Checks	high
129124	EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-1967)	Nessus	Huawei Local Security Checks	high
129036	Oracle Linux 8 : go-toolset:ol8 (ELSA-2019-2726) (Ping Flood) (Reset Flood)	Nessus	Oracle Linux Local Security Checks	high
128863	openSUSE Security Update : go1.12 (openSUSE-2019-2130) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128849	RHEL 7 : OpenShift Container Platform 3.10 (RHSA-2019:2690) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128669	openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128668	openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128666	RHEL 8 : go-toolset:rhel8 (RHSA-2019:2726) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128659	RHEL 7 : go-toolset-1.11 and go-toolset-1.11-golang (RHSA-2019:2682) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128657	RHEL 7 / 8 : Red Hat OpenShift Container Platform 4.1 openshift RPM (RHSA-2019:2661) (Ping Flood) (Reset Flood)	Nessus	Red Hat Local Security Checks	high
128621	Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Debian Local Security Checks	high
128605	openSUSE Security Update : go1.12 (openSUSE-2019-2085) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128571	Fedora 29 : golang (2019-65db7ad6c7) (Ping Flood) (Reset Flood)	Nessus	Fedora Local Security Checks	high
128567	Fedora 30 : golang (2019-55d101a740) (Ping Flood) (Reset Flood)	Nessus	Fedora Local Security Checks	high
128541	openSUSE Security Update : go1.11 (openSUSE-2019-2072) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128468	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128467	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128462	openSUSE Security Update : go1.12 (openSUSE-2019-2056) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128411	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128293	Amazon Linux AMI : golang (ALAS-2019-1270) (Ping Flood) (Reset Flood)	Nessus	Amazon Linux Local Security Checks	high
128286	Amazon Linux 2 : golang (ALAS-2019-1272) (Ping Flood) (Reset Flood)	Nessus	Amazon Linux Local Security Checks	high
128181	Debian DSA-4508-1 : h2o - security update (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Debian Local Security Checks	high
128147	SUSE SLED15 / SLES15 Security Update : go1.12 (SUSE-SU-2019:2214-1) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128146	SUSE SLED15 / SLES15 Security Update : go1.11 (SUSE-SU-2019:2213-1) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128142	openSUSE Security Update : go1.12 (openSUSE-2019-2000) (Ping Flood) (Reset Flood)	Nessus	SuSE Local Security Checks	high
128136	FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (73b1e734-c74e-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
128135	FreeBSD : h2o -- multiple HTTP/2 vulnerabilities (72a5579e-c765-11e9-8052-0028f8d09152) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
128133	Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128131	Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128043	FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
127947	FreeBSD : traefik -- Denial of service in HTTP/2 (41f4baac-bf77-11e9-8d2f-5404a68ad561) (Ping Flood) (Reset Flood)	Nessus	FreeBSD Local Security Checks	high
127930	Debian DSA-4503-1 : golang-1.11 - security update (Ping Flood) (Reset Flood)	Nessus	Debian Local Security Checks	high
127850	KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127849	KB4512516: Windows 10 Version 1709 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127848	KB4512508: Windows 10 Version 1903 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127847	KB4512507: Windows 10 Version 1703 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127845	KB4512501: Windows 10 Version 1803 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127844	KB4512497: Windows 10 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127841	KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical