CVE-2019-9511 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1024 | libnghttp2 | 1.39.1-1 | 1.39.2-1 | Medium | Fixed | |
| AVG-1023 | nginx | 1.16.0-1 | 1.16.1-1 | Medium | Fixed | |
| AVG-1022 | nginx-mainline | 1.17.2-1 | 1.17.3-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 27 Aug 2019 | ASA-201908-17 | AVG-1024 | libnghttp2 | Medium | denial of service |
| 16 Aug 2019 | ASA-201908-13 | AVG-1023 | nginx | Medium | denial of service |
| 16 Aug 2019 | ASA-201908-12 | AVG-1022 | nginx-mainline | Medium | denial of service |
| References |
|---|
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089 |