CVE-2019-9518
- Source
- https://cve.org/CVERecord?id=CVE-2019-9518
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9518.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-9518
- Downstream
- Related
- Published
- 2019-08-13T21:15:13.003Z
- Modified
- 2026-04-10T04:20:51.873823Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3Ccommits.cassandra.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
- https://support.f5.com/csp/article/K46011592?utm_source=f5support&%3Butm_medium=RSS
- https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3Cannounce.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3Cdev.trafficserver.apache.org%3E
- https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3Cusers.trafficserver.apache.org%3E
- https://support.f5.com/csp/article/K46011592
- https://www.synology.com/security/advisory/Synology_SA_19_33
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
- http://seclists.org/fulldisclosure/2019/Aug/16
- https://access.redhat.com/errata/RHSA-2019:3892
- https://access.redhat.com/errata/RHSA-2019:4352
- https://access.redhat.com/errata/RHSA-2020:0727
- https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
- https://access.redhat.com/errata/RHSA-2019:2925
- https://access.redhat.com/errata/RHSA-2019:2955
- https://security.netapp.com/advisory/ntap-20190823-0005/
- https://www.debian.org/security/2019/dsa-4520
- https://access.redhat.com/errata/RHSA-2019:2939
- https://kb.cert.org/vuls/id/605641/
- https://kc.mcafee.com/corporate/index?page=content&id=SB10296
- https://seclists.org/bugtraq/2019/Aug/24
- https://seclists.org/bugtraq/2019/Sep/18
Affected packages
Git / github.com/apache/trafficserver
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/trafficserver
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "6.0.0" }, { "last_affected": "6.2.3" }, { "introduced": "7.0.0" }, { "last_affected": "7.1.6" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.3" } ] }
- Type
- GIT
- Repo
- https://github.com/apple/swift-nio
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.0" }, { "last_affected": "1.4.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "1.0" }, { "introduced": "0" }, { "last_affected": "1.0" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "6.2" }, { "introduced": "0" }, { "last_affected": "15.0" }, { "introduced": "0" }, { "last_affected": "15.1" }, { "introduced": "0" }, { "last_affected": "7.2.0" }, { "introduced": "0" }, { "last_affected": "7.3.0" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "19.2.0" }, { "introduced": "8.1.0" }, { "fixed": "8.2.0" }, { "introduced": "8.0.0" }, { "last_affected": "8.8.1" }, { "introduced": "8.9.0" }, { "fixed": "8.16.1" }, { "introduced": "10.0.0" }, { "last_affected": "10.12.0" }, { "introduced": "10.13.0" }, { "fixed": "10.16.3" }, { "introduced": "12.0.0" }, { "fixed": "12.8.1" } ] }
Affected versions
1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v15.*
v15.0.0
v15.0.1
v15.1.0
v19.*
v19.0.0
v19.0.1
v19.1.0
v19.2.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v6.*
v6.0.0
v6.1.0
v6.2.0
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.2.1
v7.3.0
v8.*
v8.0.0
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4
v8.10.0
v8.11.0
v8.11.1
v8.11.2
v8.11.3
v8.11.4
v8.12.0
v8.13.0
v8.14.0
v8.14.1
v8.15.0
v8.15.1
v8.16.0
v8.2.0
v8.2.1
v8.3.0
v8.4.0
v8.5.0
v8.6.0
v8.7.0
v8.8.0
v8.8.1
v8.9.0
v8.9.1
v8.9.2
v8.9.3
v8.9.4
v9.*
v9.0.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "7.7.2.0"
},
{
"fixed": "7.7.2.24"
}
]
},
{
"events": [
{
"introduced": "7.8.2.0"
},
{
"fixed": "7.8.2.13"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9518.json"