CVE-2019-9513 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An issue has been found in several HTTP/2 implementations, where the attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1024 libnghttp2 1.39.1-1 1.39.2-1 Medium Fixed
AVG-1023 nginx 1.16.0-1 1.16.1-1 Medium Fixed
AVG-1022 nginx-mainline 1.17.2-1 1.17.3-1 Medium Fixed
Date Advisory Group Package Severity Description
27 Aug 2019 ASA-201908-17 AVG-1024 libnghttp2 Medium denial of service
16 Aug 2019 ASA-201908-13 AVG-1023 nginx Medium denial of service
16 Aug 2019 ASA-201908-12 AVG-1022 nginx-mainline Medium denial of service
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f