CVE-2019-9515
- Source
- https://cve.org/CVERecord?id=CVE-2019-9515
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9515.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-9515
- Downstream
- Related
- Published
- 2019-08-13T21:15:12.520Z
- Modified
- 2026-03-15T21:58:37.605186Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
- References
-
- https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://support.f5.com/csp/article/K50233772?utm_source=f5support&%3Butm_medium=RSS
- https://access.redhat.com/errata/RHSA-2019:2766
- https://www.debian.org/security/2019/dsa-4508
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:4042
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- https://access.redhat.com/errata/RHSA-2020:0727
- https://seclists.org/bugtraq/2019/Aug/43
- https://support.f5.com/csp/article/K50233772
- https://access.redhat.com/errata/RHSA-2019:4018
- https://access.redhat.com/errata/RHSA-2019:4019
- https://access.redhat.com/errata/RHSA-2019:4352
- https://kb.cert.org/vuls/id/605641/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://seclists.org/bugtraq/2019/Aug/24
- https://seclists.org/bugtraq/2019/Sep/18
- https://www.synology.com/security/advisory/Synology_SA_19_33
- https://access.redhat.com/errata/RHSA-2019:2955
- https://access.redhat.com/errata/RHSA-2019:4020
- https://access.redhat.com/errata/RHSA-2019:2796
- https://access.redhat.com/errata/RHSA-2019:2861
- https://access.redhat.com/errata/RHSA-2019:4041
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://usn.ubuntu.com/4308-1/
- https://access.redhat.com/errata/RHSA-2019:4021
- https://www.debian.org/security/2019/dsa-4520
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2939
- https://access.redhat.com/errata/RHSA-2019:4040
- https://access.redhat.com/errata/RHSA-2019:4045
Affected packages
Git / github.com/apache/trafficserver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/trafficserver
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "6.0.0" }, { "last_affected": "6.2.3" }, { "introduced": "7.0.0" }, { "last_affected": "7.1.6" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.3" }, { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "6.2" }, { "introduced": "0" }, { "last_affected": "4.1" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "8.0" } ] }
- Type
- GIT
- Repo
- https://github.com/apple/swift-nio
- Events
-
IntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.0" }, { "last_affected": "1.4.0" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "15.0" }, { "introduced": "0" }, { "last_affected": "15.1" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "7.2.0" }, { "introduced": "0" }, { "last_affected": "7.3.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "7.3" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "19.2.0" }, { "introduced": "8.1.0" }, { "fixed": "8.2.0" }, { "introduced": "8.0.0" }, { "last_affected": "8.8.1" }, { "introduced": "8.9.0" }, { "fixed": "8.16.1" }, { "introduced": "10.0.0" }, { "last_affected": "10.12.0" }, { "introduced": "10.13.0" }, { "fixed": "10.16.3" }, { "introduced": "12.0.0" }, { "fixed": "12.8.1" } ] }
Affected versions
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
6.*
6.0.0
6.0.0-rc3
7.*
7.0.0
8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v8.*
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9515.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14"
}
]
},
{
"events": [
{
"introduced": "7.7.2.0"
},
{
"fixed": "7.7.2.24"
}
]
},
{
"events": [
{
"introduced": "7.8.2.0"
},
{
"fixed": "7.8.2.13"
}
]
},
{
"events": [
{
"introduced": "11.6.1"
},
{
"fixed": "11.6.5.1"
}
]
},
{
"events": [
{
"introduced": "12.1.0"
},
{
"fixed": "12.1.5.1"
}
]
},
{
"events": [
{
"introduced": "13.1.0"
},
{
"fixed": "13.1.3.2"
}
]
},
{
"events": [
{
"introduced": "14.0.0"
},
{
"fixed": "14.0.1.1"
}
]
},
{
"events": [
{
"introduced": "14.1.0"
},
{
"fixed": "14.1.2.1"
}
]
},
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "15.0.1.1"
}
]
}
]