PT-2019-3018 · Ietf+10 · Http/2+10

Jonathan Looney

·

Publicado

2019-08-13

·

Atualizado

2026-05-18

·

CVE-2019-9513

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions HTTP/2 implementations (affected versions not specified)
Description The issue is related to a denial of service vulnerability in some HTTP/2 implementations. An attacker can create multiple request streams and continually shuffle the priority of the streams, causing substantial churn to the priority tree and consuming excess CPU. This can lead to a denial of service. The vulnerability is associated with uncontrolled resource consumption and can be exploited by a remote attacker.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALSA-2019:2799
ALSA-2019:2925
ALT-PU-2019-2600
ALT-PU-2019-2601
ALT-PU-2019-2823
ALT-PU-2019-3050
ALT-PU-2020-2194
ALT-PU-2020-2195
BDU:2019-02997
CESA-2019_2692
CESA-2019_2799
CESA-2019_2925
CLEANSTART-2026-AF45008
CLEANSTART-2026-BA37192
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-MQ02912
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CLEANSTART-2026-XB16901
CLEANSTART-2026-ZN32454
CLEANSTART-2026-ZT77083
CVE-2019-9513
DSA-4505-1
DSA-4511-1
DSA-4669-1
MGASA-2019-0291
MGASA-2019-0342
MGASA-2020-0372
OPENSUSE-SU-2019:2114-1
OPENSUSE-SU-2019:2115-1
OPENSUSE-SU-2019:2120-1
OPENSUSE-SU-2019:2232-1
OPENSUSE-SU-2019:2234-1
OPENSUSE-SU-2019:2264-1
OPENSUSE-SU-2019_2114-1
OPENSUSE-SU-2019_2115-1
OPENSUSE-SU-2019_2120-1
OPENSUSE-SU-2019_2232-1
OPENSUSE-SU-2019_2234-1
OPENSUSE-SU-2019_2264-1
RHSA-2019:2692
RHSA-2019:2745
RHSA-2019:2746
RHSA-2019:2775
RHSA-2019:2799
RHSA-2019:2925
RHSA-2019:2939
RHSA-2019:2946
RHSA-2019:2949
RHSA-2019:2955
RHSA-2019:3041
RHSA-2019:3932
RHSA-2019:3933
RHSA-2019_2692
RHSA-2019_2799
RHSA-2019_2925
RLSA-2019:2799
RLSA-2019:2925
SUSE-SU-2019:14246-1
SUSE-SU-2019:2254-1
SUSE-SU-2019:2259-1
SUSE-SU-2019:2260-1
SUSE-SU-2019:2309-1
SUSE-SU-2019:2473-1
SUSE-SU-2019:2559-1
SUSE-SU-2019_14246-1
SUSE-SU-2020:0059-1
SUSE-SU-2021:0932-1
USN-4099-1
USN-6754-1

Produtos afetados

Alt Linux
Almalinux
Centos
Http/2
Linuxmint
Nginx
Red Hat
Rocky Linux
Suse
Ubuntu
Windows