{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"credits":[{"lang":"en","value":"Thanks to Jonathan Looney of Netflix for reporting this vulnerability."}],"descriptions":[{"lang":"en","value":"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400 Uncontrolled Resource Consumption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-12-08T23:06:27.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"VU#605641","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"https://kb.cert.org/vuls/id/605641/"},{"tags":["x_refsource_MISC"],"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"name":"[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"},{"name":"[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"},{"name":"[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"},{"name":"20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"name":"20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"name":"20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"name":"DSA-4503","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2019/dsa-4503"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.f5.com/csp/article/K98053339"},{"name":"[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20190823-0001/"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20190823-0004/"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20190823-0005/"},{"name":"openSUSE-SU-2019:2000","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"name":"FEDORA-2019-5a6a7bc12c","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"},{"name":"FEDORA-2019-6a2980de56","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"},{"name":"20190825 [SECURITY] [DSA 4508-1] h2o security update","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"name":"DSA-4508","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2019/dsa-4508"},{"name":"openSUSE-SU-2019:2056","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"name":"openSUSE-SU-2019:2072","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"name":"FEDORA-2019-55d101a740","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"},{"name":"FEDORA-2019-65db7ad6c7","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"},{"name":"openSUSE-SU-2019:2085","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"name":"RHSA-2019:2682","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"name":"DSA-4520","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2019/dsa-4520"},{"name":"RHSA-2019:2726","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"name":"20190910 [SECURITY] [DSA 4520-1] trafficserver security update","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"name":"RHSA-2019:2594","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"name":"openSUSE-SU-2019:2114","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"name":"openSUSE-SU-2019:2115","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"name":"RHSA-2019:2661","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"tags":["x_refsource_CONFIRM"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"name":"RHSA-2019:2690","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"name":"RHSA-2019:2766","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"name":"openSUSE-SU-2019:2130","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"name":"RHSA-2019:2796","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"name":"RHSA-2019:2861","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"name":"RHSA-2019:2925","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"name":"RHSA-2019:2939","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"name":"RHSA-2019:2955","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"name":"RHSA-2019:2966","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS"},{"name":"RHSA-2019:3131","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"name":"RHSA-2019:2769","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"name":"RHSA-2019:3245","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"name":"RHSA-2019:3265","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"name":"RHSA-2019:3892","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"name":"RHSA-2019:3906","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"name":"RHSA-2019:4018","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"name":"RHSA-2019:4019","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"name":"RHSA-2019:4021","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"name":"RHSA-2019:4020","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"name":"RHSA-2019:4045","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"name":"RHSA-2019:4042","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"name":"RHSA-2019:4040","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"name":"RHSA-2019:4041","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"name":"RHSA-2019:4269","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"name":"RHSA-2019:4273","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"name":"RHSA-2019:4352","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"name":"RHSA-2020:0406","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"name":"RHSA-2020:0727","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"name":"USN-4308-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/4308-1/"},{"name":"[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"}],"source":{"discovery":"UNKNOWN"},"title":"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service","x_generator":{"engine":"Vulnogram 0.0.7"},"x_legacyV4Record":{"CVE_data_meta":{"AKA":"HTTP/2 Ping Flood","ASSIGNER":"cert@cert.org","ID":"CVE-2019-9512","STATE":"PUBLIC","TITLE":"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"credit":[{"lang":"eng","value":"Thanks to Jonathan Looney of Netflix for reporting this vulnerability."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."}]},"generator":{"engine":"Vulnogram 0.0.7"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-400 Uncontrolled Resource Consumption"}]}]},"references":{"reference_data":[{"name":"VU#605641","refsource":"CERT-VN","url":"https://kb.cert.org/vuls/id/605641/"},{"name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","refsource":"MISC","url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"name":"[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","refsource":"MLIST","url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"},{"name":"[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","refsource":"MLIST","url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"},{"name":"[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","refsource":"MLIST","url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"},{"name":"20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Aug/24"},{"name":"20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"name":"https://www.synology.com/security/advisory/Synology_SA_19_33","refsource":"CONFIRM","url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"name":"20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Aug/31"},{"name":"DSA-4503","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4503"},{"name":"https://support.f5.com/csp/article/K98053339","refsource":"CONFIRM","url":"https://support.f5.com/csp/article/K98053339"},{"name":"[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"name":"https://security.netapp.com/advisory/ntap-20190823-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190823-0001/"},{"name":"https://security.netapp.com/advisory/ntap-20190823-0004/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190823-0004/"},{"name":"https://security.netapp.com/advisory/ntap-20190823-0005/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20190823-0005/"},{"name":"openSUSE-SU-2019:2000","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"name":"FEDORA-2019-5a6a7bc12c","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"},{"name":"FEDORA-2019-6a2980de56","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"},{"name":"20190825 [SECURITY] [DSA 4508-1] h2o security update","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Aug/43"},{"name":"DSA-4508","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4508"},{"name":"openSUSE-SU-2019:2056","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"name":"openSUSE-SU-2019:2072","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"name":"FEDORA-2019-55d101a740","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"},{"name":"FEDORA-2019-65db7ad6c7","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"},{"name":"openSUSE-SU-2019:2085","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"name":"RHSA-2019:2682","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"name":"DSA-4520","refsource":"DEBIAN","url":"https://www.debian.org/security/2019/dsa-4520"},{"name":"RHSA-2019:2726","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"name":"20190910 [SECURITY] [DSA 4520-1] trafficserver security update","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/Sep/18"},{"name":"RHSA-2019:2594","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"name":"openSUSE-SU-2019:2114","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"name":"openSUSE-SU-2019:2115","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"name":"RHSA-2019:2661","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296","refsource":"CONFIRM","url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"name":"RHSA-2019:2690","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"name":"RHSA-2019:2766","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"name":"openSUSE-SU-2019:2130","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"name":"RHSA-2019:2796","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"name":"RHSA-2019:2861","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"name":"RHSA-2019:2925","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"name":"RHSA-2019:2939","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"name":"RHSA-2019:2955","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"name":"RHSA-2019:2966","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"name":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS","refsource":"CONFIRM","url":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS"},{"name":"RHSA-2019:3131","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"name":"RHSA-2019:2769","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"name":"RHSA-2019:3245","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"name":"RHSA-2019:3265","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"name":"RHSA-2019:3892","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"name":"RHSA-2019:3906","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"name":"RHSA-2019:4018","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"name":"RHSA-2019:4019","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"name":"RHSA-2019:4021","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"name":"RHSA-2019:4020","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"name":"RHSA-2019:4045","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"name":"RHSA-2019:4042","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"name":"RHSA-2019:4040","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"name":"RHSA-2019:4041","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"name":"RHSA-2019:4269","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"name":"RHSA-2019:4273","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"name":"RHSA-2019:4352","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"name":"RHSA-2020:0406","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"name":"RHSA-2020:0727","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"name":"USN-4308-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/4308-1/"},{"name":"[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T21:54:44.253Z"},"title":"CVE Program Container","references":[{"name":"VU#605641","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"https://kb.cert.org/vuls/id/605641/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"name":"[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"},{"name":"[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"},{"name":"[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"},{"name":"20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"name":"20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"name":"20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"name":"DSA-4503","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4503"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.f5.com/csp/article/K98053339"},{"name":"[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20190823-0001/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20190823-0004/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20190823-0005/"},{"name":"openSUSE-SU-2019:2000","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"name":"FEDORA-2019-5a6a7bc12c","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"},{"name":"FEDORA-2019-6a2980de56","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"},{"name":"20190825 [SECURITY] [DSA 4508-1] h2o security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"name":"DSA-4508","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4508"},{"name":"openSUSE-SU-2019:2056","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"name":"openSUSE-SU-2019:2072","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"name":"FEDORA-2019-55d101a740","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"},{"name":"FEDORA-2019-65db7ad6c7","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"},{"name":"openSUSE-SU-2019:2085","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"name":"RHSA-2019:2682","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"name":"DSA-4520","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4520"},{"name":"RHSA-2019:2726","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"name":"20190910 [SECURITY] [DSA 4520-1] trafficserver security update","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"name":"RHSA-2019:2594","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"name":"openSUSE-SU-2019:2114","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"name":"openSUSE-SU-2019:2115","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"name":"RHSA-2019:2661","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"name":"RHSA-2019:2690","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"name":"RHSA-2019:2766","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"name":"openSUSE-SU-2019:2130","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"name":"RHSA-2019:2796","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"name":"RHSA-2019:2861","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"name":"RHSA-2019:2925","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"name":"RHSA-2019:2939","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"name":"RHSA-2019:2955","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"name":"RHSA-2019:2966","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS"},{"name":"RHSA-2019:3131","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"name":"RHSA-2019:2769","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"name":"RHSA-2019:3245","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"name":"RHSA-2019:3265","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"name":"RHSA-2019:3892","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"name":"RHSA-2019:3906","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"name":"RHSA-2019:4018","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"name":"RHSA-2019:4019","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"name":"RHSA-2019:4021","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"name":"RHSA-2019:4020","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"name":"RHSA-2019:4045","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"name":"RHSA-2019:4042","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"name":"RHSA-2019:4040","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"name":"RHSA-2019:4041","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"name":"RHSA-2019:4269","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"name":"RHSA-2019:4273","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"name":"RHSA-2019:4352","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"name":"RHSA-2020:0406","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"name":"RHSA-2020:0727","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"name":"USN-4308-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/4308-1/"},{"name":"[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"}]}]},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2019-9512","datePublished":"2019-08-13T20:50:59.000Z","dateReserved":"2019-03-01T00:00:00.000Z","dateUpdated":"2024-08-04T21:54:44.253Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}