CVE-2019-9516 log

Severity Medium
Remote Yes
Type Denial of service
An issue has been found in several HTTP/2 implementations, where the attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
Group Package Affected Fixed Severity Status Ticket
AVG-1023 nginx 1.16.0-1 1.16.1-1 Medium Fixed
AVG-1022 nginx-mainline 1.17.2-1 1.17.3-1 Medium Fixed
Date Advisory Group Package Severity Type
16 Aug 2019 ASA-201908-13 AVG-1023 nginx Medium denial of service
16 Aug 2019 ASA-201908-12 AVG-1022 nginx-mainline Medium denial of service