CVE-2019-9513

CVE Database · CVE-2019-9513

CVE-2019-9513

· HIGHModified

CVSS v3.1

7.5

EPSS

82.57%

Published

Aug 13, 2019

Modified

Jan 14, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-400

Affected Products (42)

apple · swiftniovulnerable

apple · mac_os_x

canonical · ubuntu_linux

apache · traffic_servervulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable

debian · debian_linux

References (20)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html

Mailing List

KEV Catalog EPSS Scores Vendors All CVEs

fedoraproject · fedoravulnerable

synology · skynasvulnerable

synology · diskstation_managervulnerable

synology · vs960hd_firmwarevulnerable

debian · debian_linuxvulnerable

fedoraproject · fedoravulnerable

opensuse · leapvulnerable

redhat · jboss_core_servicesvulnerable

redhat · jboss_enterprise_application_platformvulnerable

redhat · openshift_service_meshvulnerable

redhat · quayvulnerable

redhat · software_collectionsvulnerable

redhat · enterprise_linuxvulnerable

oracle · graalvmvulnerable

mcafee · web_gateway (up to 7.7.2.24)vulnerable

mcafee · web_gateway (up to 7.8.2.13)vulnerable

mcafee · web_gateway (up to 8.2.0)vulnerable

f5 · nginx (up to 1.16.1)vulnerable

f5 · nginxvulnerable

oracle · enterprise_communications_brokervulnerable

nodejs · node.jsvulnerable

nodejs · node.js (up to 8.16.1)vulnerable

nodejs · node.jsvulnerable

nodejs · node.js (up to 10.16.3)vulnerable

nodejs · node.js (up to 12.8.1)vulnerable

Third Party Advisory