CVE-2019-9514

CVE Database · CVE-2019-9514

CVE-2019-9514

· HIGHModified

CVSS v3.1

7.5

EPSS

82.81%

Published

Aug 13, 2019

Modified

Jan 14, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400CWE-770

Affected Products (55)

apple · swiftniovulnerable

apple · mac_os_x

canonical · ubuntu_linux

apache · traffic_servervulnerable

debian · debian_linuxvulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linux

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Mailing List

KEV Catalog EPSS Scores Vendors All CVEs

debian · debian_linuxvulnerable

synology · skynasvulnerable

synology · diskstation_managervulnerable

synology · vs960hd_firmwarevulnerable

fedoraproject · fedoravulnerable

opensuse · leapvulnerable

redhat · developer_toolsvulnerable

redhat · jboss_core_servicesvulnerable

redhat · jboss_enterprise_application_platformvulnerable

redhat · openshift_container_platformvulnerable

redhat · openshift_service_meshvulnerable

redhat · openstackvulnerable

redhat · quayvulnerable

redhat · single_sign-onvulnerable

redhat · software_collectionsvulnerable

redhat · enterprise_linuxvulnerable

redhat · enterprise_linux_eusvulnerable

redhat · enterprise_linux_servervulnerable

redhat · enterprise_linux_workstationvulnerable

oracle · graalvmvulnerable

mcafee · web_gateway (up to 7.7.2.24)vulnerable

mcafee · web_gateway (up to 7.8.2.13)vulnerable

mcafee · web_gateway (up to 8.2.0)vulnerable

netapp · cloud_insightsvulnerable

netapp · tridentvulnerable

f5 · big-ip_local_traffic_manager (up to 11.6.5.1)vulnerable

f5 · big-ip_local_traffic_manager (up to 12.1.5.1)vulnerable

f5 · big-ip_local_traffic_manager (up to 13.1.3.2)vulnerable

f5 · big-ip_local_traffic_manager (up to 14.0.1.1)vulnerable

f5 · big-ip_local_traffic_manager (up to 14.1.2.1)vulnerable

f5 · big-ip_local_traffic_manager (up to 15.0.1.1)vulnerable

Third Party Advisory

http://seclists.org/fulldisclosure/2019/Aug/16

Mailing ListThird Party Advisory