CVE-2019-9516

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 13-08-2019 11:15

Last modified: - 02-09-2022 03:40

Total changes: - 7

Description

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

Reference

VU#605641-Third Party Advisory, US Government Resource
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0-Mailing List, Third Party Advisory
USN-4099-1-Third Party Advisory
20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0-Mailing List, Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33
https://support.f5.com/csp/article/K02591030
FEDORA-2019-befd924cfe-Third Party Advisory
20190822 [SECURITY] [DSA 4505-1] nginx security update-Mailing List, Third Party Advisory
DSA-4505-Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/
https://security.netapp.com/advisory/ntap-20190823-0002/
FEDORA-2019-5a6a7bc12c-Mailing List, Third Party Advisory
FEDORA-2019-6a2980de56-Mailing List, Third Party Advisory
FEDORA-2019-4427fd65be-Mailing List, Third Party Advisory
FEDORA-2019-63ba15cc83-Mailing List, Third Party Advisory
FEDORA-2019-7a0b45fdc4-Mailing List, Third Party Advisory
openSUSE-SU-2019:2120-Mailing List, Third Party Advisory
openSUSE-SU-2019:2114-Mailing List, Third Party Advisory
openSUSE-SU-2019:2115-Mailing List, Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
RHSA-2019:2746-Third Party Advisory
RHSA-2019:2745-Third Party Advisory
RHSA-2019:2775-Third Party Advisory
RHSA-2019:2799-Third Party Advisory
RHSA-2019:2925-Third Party Advisory
RHSA-2019:2939-Third Party Advisory
RHSA-2019:2946-Third Party Advisory
RHSA-2019:2950-Third Party Advisory
RHSA-2019:2955-Third Party Advisory
RHSA-2019:2966-Third Party Advisory
openSUSE-SU-2019:2264-Mailing List, Third Party Advisory
https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp;utm_medium=RSS
RHSA-2019:3935-Third Party Advisory
RHSA-2019:3933-Third Party Advisory
RHSA-2019:3932-Third Party Advisory
FEDORA-2021-d5b2c18fe6-Mailing List, Third Party Advisory

Keywords

CVE-2019-9516

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-9516

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures