CVE-2019-9511 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1024 libnghttp2 1.39.1-1 1.39.2-1 Medium Fixed
AVG-1023 nginx 1.16.0-1 1.16.1-1 Medium Fixed
AVG-1022 nginx-mainline 1.17.2-1 1.17.3-1 Medium Fixed
Date Advisory Group Package Severity Description
27 Aug 2019 ASA-201908-17 AVG-1024 libnghttp2 Medium denial of service
16 Aug 2019 ASA-201908-13 AVG-1023 nginx Medium denial of service
16 Aug 2019 ASA-201908-12 AVG-1022 nginx-mainline Medium denial of service
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089