CVE-2019-9518

HIGH

Description

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.

ID	Name	Product	Family	Severity
132767	SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0059-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	medium
129514	Oracle Linux 8 : nodejs:10 (ELSA-2019-2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Oracle Linux Local Security Checks	high
129480	RHEL 8 : nodejs:10 (RHSA-2019:2925) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Red Hat Local Security Checks	high
128669	openSUSE Security Update : nodejs8 (openSUSE-2019-2115) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128668	openSUSE Security Update : nodejs10 (openSUSE-2019-2114) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128621	Debian DSA-4520-1 : trafficserver - security update (Empty Frames Flood) (Ping Flood) (Reset Flood) (Settings Flood)	Nessus	Debian Local Security Checks	high
128468	SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2260-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128467	SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:2259-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128411	SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2019:2254-1) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	SuSE Local Security Checks	high
128133	Fedora 29 : 1:nodejs (2019-6a2980de56) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128131	Fedora 30 : 1:nodejs (2019-5a6a7bc12c) (0-Length Headers Leak) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	Fedora Local Security Checks	high
128043	FreeBSD : Node.js -- multiple vulnerabilities (c97a940b-c392-11e9-bb38-000d3ab229d6) (0-Length Headers Leak) (Data Dribble) (Empty Frames Flood) (Internal Data Buffering) (Ping Flood) (Reset Flood) (Resource Loop) (Settings Flood)	Nessus	FreeBSD Local Security Checks	high
127850	KB4512517: Windows 10 Version 1607 and Windows Server 2016 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127849	KB4512516: Windows 10 Version 1709 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127848	KB4512508: Windows 10 Version 1903 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127847	KB4512507: Windows 10 Version 1703 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127845	KB4512501: Windows 10 Version 1803 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127844	KB4512497: Windows 10 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical
127841	KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update	Nessus	Windows : Microsoft Bulletins	critical

CVE-2019-9518

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0