CVE-2019-9514

Опубликовано: 13 авг. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/16
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/20/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8
https://access.redhat.com/errata/RHSA-2019:2594
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2661
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2682
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2690
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2726
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2766
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2769
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2796
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2861
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.4.0 (включая)

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.12 (включая)

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*

Версия от 14.04 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 6.0.0 (включая) до 6.2.3 (включая)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.1.6 (включая)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.0.3 (включая)

Конфигурация 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*

cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 9

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 10

Одно из

cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*

cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 11

cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*

Конфигурация 12

Одно из

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 7.7.2.0 (включая) до 7.7.2.24 (исключая)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 7.8.2.0 (включая) до 7.8.2.13 (исключая)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*

Версия от 8.1.0 (включая) до 8.2.0 (исключая)

Конфигурация 13

Одно из

cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

Конфигурация 14

Одно из