CVE-2019-9511
- Source
- https://cve.org/CVERecord?id=CVE-2019-9511
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9511.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-9511
- Downstream
- Related
- Published
- 2019-08-13T21:15:12.223Z
- Modified
- 2026-04-16T04:33:31.991670339Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
- https://support.f5.com/csp/article/K02591030?utm_source=f5support&%3Butm_medium=RSS
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://usn.ubuntu.com/4099-1/
- https://access.redhat.com/errata/RHSA-2019:2745
- https://access.redhat.com/errata/RHSA-2019:4021
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
- https://access.redhat.com/errata/RHSA-2019:2925
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://security.netapp.com/advisory/ntap-20190823-0002/
- https://www.debian.org/security/2020/dsa-4669
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
- https://access.redhat.com/errata/RHSA-2019:4020
- https://kb.cert.org/vuls/id/605641/
- https://seclists.org/bugtraq/2019/Aug/40
- https://seclists.org/bugtraq/2019/Sep/1
- https://support.f5.com/csp/article/K02591030
- https://access.redhat.com/errata/RHSA-2019:2692
- https://access.redhat.com/errata/RHSA-2019:2746
- https://access.redhat.com/errata/RHSA-2019:2949
- https://access.redhat.com/errata/RHSA-2019:3041
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://access.redhat.com/errata/RHSA-2019:2775
- https://access.redhat.com/errata/RHSA-2019:2966
- https://www.debian.org/security/2019/dsa-4505
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.synology.com/security/advisory/Synology_SA_19_33
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
- https://access.redhat.com/errata/RHSA-2019:3933
- https://www.debian.org/security/2019/dsa-4511
- https://access.redhat.com/errata/RHSA-2019:2799
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:3935
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Affected packages
Git / github.com/apache/trafficserver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/trafficserver
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "6.0.0" }, { "last_affected": "6.2.3" }, { "introduced": "7.0.0" }, { "last_affected": "7.1.6" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.3" } ] }
- Type
- GIT
- Repo
- https://github.com/nginx/nginx
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.0" }, { "last_affected": "1.4.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "1.9.5" }, { "fixed": "1.16.1" }, { "introduced": "1.17.0" }, { "last_affected": "1.17.2" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "6.2" }, { "introduced": "0" }, { "last_affected": "15.0" }, { "introduced": "0" }, { "last_affected": "15.1" }, { "introduced": "0" }, { "last_affected": "7.2.0" }, { "introduced": "0" }, { "last_affected": "7.3.0" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "19.2.0" }, { "introduced": "8.1.0" }, { "fixed": "8.2.0" }, { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "8.0.0" }, { "last_affected": "8.8.1" }, { "introduced": "8.9.0" }, { "fixed": "8.16.1" }, { "introduced": "10.0.0" }, { "last_affected": "10.12.0" }, { "introduced": "10.13.0" }, { "fixed": "10.16.3" }, { "introduced": "12.0.0" }, { "fixed": "12.8.1" } ] }
Affected versions
8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
release-1.*
release-1.0.0
release-1.0.1
release-1.0.2
release-1.0.3
release-1.0.4
release-1.0.5
release-1.1.0
release-1.1.1
release-1.1.10
release-1.1.11
release-1.1.12
release-1.1.13
release-1.1.14
release-1.1.15
release-1.1.16
release-1.1.17
release-1.1.18
release-1.1.19
release-1.1.2
release-1.1.3
release-1.1.4
release-1.1.5
release-1.1.6
release-1.1.7
release-1.1.8
release-1.1.9
release-1.11.0
release-1.11.1
release-1.11.10
release-1.11.11
release-1.11.12
release-1.11.13
release-1.11.2
release-1.11.3
release-1.11.4
release-1.11.5
release-1.11.6
release-1.11.7
release-1.11.8
release-1.11.9
release-1.13.0
release-1.13.1
release-1.13.10
release-1.13.11
release-1.13.12
release-1.13.2
release-1.13.3
release-1.13.4
release-1.13.5
release-1.13.6
release-1.13.7
release-1.13.8
release-1.13.9
release-1.15.0
release-1.15.1
release-1.15.10
release-1.15.11
release-1.15.12
release-1.15.2
release-1.15.3
release-1.15.4
release-1.15.5
release-1.15.6
release-1.15.7
release-1.15.8
release-1.15.9
release-1.16.0
release-1.17.0
release-1.17.1
release-1.17.2
release-1.2.0
release-1.3.0
release-1.3.1
release-1.3.10
release-1.3.11
release-1.3.12
release-1.3.13
release-1.3.14
release-1.3.15
release-1.3.16
release-1.3.2
release-1.3.3
release-1.3.4
release-1.3.5
release-1.3.6
release-1.3.7
release-1.3.8
release-1.3.9
release-1.4.0
release-1.9.10
release-1.9.11
release-1.9.12
release-1.9.13
release-1.9.14
release-1.9.15
release-1.9.5
release-1.9.6
release-1.9.7
release-1.9.8
release-1.9.9
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v15.*
v15.0.0
v15.0.1
v15.1.0
v19.*
v19.0.0
v19.0.1
v19.1.0
v19.2.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v3.1.0
v3.2.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.2.1
v7.3.0
v8.*
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.11.3
v8.11.4
v8.12.0
v8.13.0
v8.14.0
v8.14.1
v8.15.0
v8.15.1
v8.16.0
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v9.*
v9.0.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9511.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "7.7.2.0"
},
{
"fixed": "7.7.2.24"
}
]
},
{
"events": [
{
"introduced": "7.8.2.0"
},
{
"fixed": "7.8.2.13"
}
]
}
]