---

CVE-2019-9511 - log back

CVE-2019-9511 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ An issue has been found in several HTTP/2 implementations, where the attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
References	+ https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089
Notes