Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-9512

Опубликовано: 13 авг. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 7.8
CVSS3: 7.5

Описание

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

disco

ignored

end of life
eoan

DNE

esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needed

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

ignored

end of life
eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

needs-triage

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

needed

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

needed

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

disco

released

2.2.5+dfsg2-2+deb10u1build0.19.04.1
eoan

not-affected

2.2.5+dfsg2-3
esm-apps/bionic

needs-triage

esm-apps/focal

not-affected

2.2.5+dfsg2-3
esm-apps/jammy

not-affected

2.2.5+dfsg2-3
esm-apps/noble

not-affected

2.2.5+dfsg2-3
esm-infra-legacy/trusty

DNE

focal

not-affected

2.2.5+dfsg2-3

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

released

1:4.1.7-4ubuntu0.1+esm1
esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/noble

not-affected

esm-apps/xenial

not-affected

http2 support not implemented

Показывать по

РелизСтатусПримечание
bionic

not-affected

fixed for CVE-2018-16844
cosmic

not-affected

fixed for CVE-2018-16844
devel

not-affected

fixed for CVE-2018-16844
disco

not-affected

fixed for CVE-2018-16844
eoan

not-affected

fixed for CVE-2018-16844
esm-infra-legacy/trusty

not-affected

http2 support not implemented
esm-infra/bionic

not-affected

fixed for CVE-2018-16844
esm-infra/focal

not-affected

fixed for CVE-2018-16844
esm-infra/xenial

not-affected

fixed for CVE-2018-16844
focal

not-affected

fixed for CVE-2018-16844

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

DNE

disco

ignored

end of life
eoan

not-affected

8.0.5+ds-1
esm-apps/bionic

needed

esm-apps/focal

not-affected

8.0.5+ds-1
esm-apps/jammy

not-affected

8.0.5+ds-1
esm-apps/noble

not-affected

8.0.5+ds-1
esm-apps/xenial

needs-triage

Показывать по

РелизСтатусПримечание
bionic

released

17.9.0-2ubuntu0.1
cosmic

ignored

end of life
devel

released

18.9.0-6ubuntu1
disco

ignored

end of life
eoan

released

18.9.0-3ubuntu1.1
esm-infra-legacy/trusty

not-affected

http2 support not implemented
esm-infra/bionic

released

17.9.0-2ubuntu0.1
esm-infra/focal

released

18.9.0-6ubuntu1
esm-infra/xenial

not-affected

http2 support not implemented
focal

released

18.9.0-6ubuntu1

Показывать по

Ссылки на источники

7.8 High

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-9512

CVSS3: 7.5
redhat
больше 6 лет назад

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

nvd логотип

CVE-2019-9512

CVSS3: 7.5
nvd
больше 6 лет назад

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

msrc логотип

CVE-2019-9512

CVSS3: 7.5
msrc
больше 6 лет назад

HTTP/2 Server Denial of Service Vulnerability

debian логотип

CVE-2019-9512

CVSS3: 7.5
debian
больше 6 лет назад

Some HTTP/2 implementations are vulnerable to ping floods, potentially ...

github логотип

GHSA-hgr8-6h9x-f7q9

CVSS3: 7.5
github
больше 3 лет назад

golang.org/x/net/http vulnerable to ping floods

7.8 High

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2019-9512