{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-9514","assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","dateUpdated":"2024-08-04T21:54:44.511Z","dateReserved":"2019-03-01T00:00:00.000Z","datePublished":"2019-08-13T00:00:00.000Z"},"containers":{"cna":{"title":"Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service","providerMetadata":{"orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc","dateUpdated":"2023-10-19T02:06:30.169Z"},"descriptions":[{"lang":"en","value":"Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"name":"VU#605641","tags":["third-party-advisory"],"url":"https://kb.cert.org/vuls/id/605641/"},{"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"},{"name":"[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"},{"name":"[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"},{"name":"[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"},{"name":"20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list"],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"name":"20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"url":"https://www.synology.com/security/advisory/Synology_SA_19_33"},{"name":"20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update","tags":["mailing-list"],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"name":"DSA-4503","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2019/dsa-4503"},{"url":"https://support.f5.com/csp/article/K01988340"},{"name":"[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"url":"https://security.netapp.com/advisory/ntap-20190823-0001/"},{"url":"https://security.netapp.com/advisory/ntap-20190823-0004/"},{"url":"https://security.netapp.com/advisory/ntap-20190823-0005/"},{"name":"openSUSE-SU-2019:2000","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"name":"FEDORA-2019-5a6a7bc12c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"},{"name":"FEDORA-2019-6a2980de56","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"},{"name":"20190825 [SECURITY] [DSA 4508-1] h2o security update","tags":["mailing-list"],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"name":"DSA-4508","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2019/dsa-4508"},{"name":"openSUSE-SU-2019:2056","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"name":"openSUSE-SU-2019:2072","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"name":"FEDORA-2019-55d101a740","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"},{"name":"FEDORA-2019-65db7ad6c7","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"},{"name":"openSUSE-SU-2019:2085","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"name":"RHSA-2019:2682","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"name":"DSA-4520","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2019/dsa-4520"},{"name":"RHSA-2019:2726","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"name":"20190910 [SECURITY] [DSA 4520-1] trafficserver security update","tags":["mailing-list"],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"name":"RHSA-2019:2594","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"name":"openSUSE-SU-2019:2114","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"name":"openSUSE-SU-2019:2115","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"name":"RHSA-2019:2661","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296"},{"name":"RHSA-2019:2690","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"name":"RHSA-2019:2766","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"name":"openSUSE-SU-2019:2130","tags":["vendor-advisory"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"name":"RHSA-2019:2796","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"name":"RHSA-2019:2861","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"name":"RHSA-2019:2925","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"name":"RHSA-2019:2939","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"name":"RHSA-2019:2955","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"name":"RHSA-2019:2966","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS"},{"name":"RHSA-2019:3131","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"name":"RHSA-2019:2769","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"name":"RHSA-2019:3245","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"name":"RHSA-2019:3265","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"name":"RHSA-2019:3892","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"name":"RHSA-2019:3906","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"name":"RHSA-2019:4018","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"name":"RHSA-2019:4019","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"name":"RHSA-2019:4021","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"name":"RHSA-2019:4020","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"name":"RHSA-2019:4045","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"name":"RHSA-2019:4042","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"name":"RHSA-2019:4040","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"name":"RHSA-2019:4041","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"name":"RHSA-2019:4269","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"name":"RHSA-2019:4273","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"name":"RHSA-2019:4352","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"name":"RHSA-2020:0406","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"name":"RHSA-2020:0727","tags":["vendor-advisory"],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"name":"USN-4308-1","tags":["vendor-advisory"],"url":"https://usn.ubuntu.com/4308-1/"},{"name":"DSA-4669","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2020/dsa-4669"},{"name":"[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"},{"name":"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2023/10/18/8"}],"credits":[{"lang":"en","value":"Thanks to Jonathan Looney of Netflix for reporting this vulnerability."}],"metrics":[{"cvssV3_0":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-400 Uncontrolled Resource Consumption","cweId":"CWE-400"}]}],"x_generator":{"engine":"Vulnogram 0.0.7"},"source":{"discovery":"UNKNOWN"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T21:54:44.511Z"},"title":"CVE Program Container","references":[{"name":"VU#605641","tags":["third-party-advisory","x_transferred"],"url":"https://kb.cert.org/vuls/id/605641/"},{"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","tags":["x_transferred"]},{"name":"[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"},{"name":"[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"},{"name":"[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"},{"name":"20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/24"},{"name":"20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2019/Aug/16"},{"url":"https://www.synology.com/security/advisory/Synology_SA_19_33","tags":["x_transferred"]},{"name":"20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update","tags":["mailing-list","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/31"},{"name":"DSA-4503","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4503"},{"url":"https://support.f5.com/csp/article/K01988340","tags":["x_transferred"]},{"name":"[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2019/08/20/1"},{"url":"https://security.netapp.com/advisory/ntap-20190823-0001/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20190823-0004/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20190823-0005/","tags":["x_transferred"]},{"name":"openSUSE-SU-2019:2000","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"},{"name":"FEDORA-2019-5a6a7bc12c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"},{"name":"FEDORA-2019-6a2980de56","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"},{"name":"20190825 [SECURITY] [DSA 4508-1] h2o security update","tags":["mailing-list","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Aug/43"},{"name":"DSA-4508","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4508"},{"name":"openSUSE-SU-2019:2056","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"},{"name":"openSUSE-SU-2019:2072","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"},{"name":"FEDORA-2019-55d101a740","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"},{"name":"FEDORA-2019-65db7ad6c7","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"},{"name":"openSUSE-SU-2019:2085","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"},{"name":"RHSA-2019:2682","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2682"},{"name":"DSA-4520","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2019/dsa-4520"},{"name":"RHSA-2019:2726","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2726"},{"name":"20190910 [SECURITY] [DSA 4520-1] trafficserver security update","tags":["mailing-list","x_transferred"],"url":"https://seclists.org/bugtraq/2019/Sep/18"},{"name":"RHSA-2019:2594","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"name":"openSUSE-SU-2019:2114","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"},{"name":"openSUSE-SU-2019:2115","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"},{"name":"RHSA-2019:2661","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2661"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10296","tags":["x_transferred"]},{"name":"RHSA-2019:2690","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2690"},{"name":"RHSA-2019:2766","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2766"},{"name":"openSUSE-SU-2019:2130","tags":["vendor-advisory","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"},{"name":"RHSA-2019:2796","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2796"},{"name":"RHSA-2019:2861","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2861"},{"name":"RHSA-2019:2925","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2925"},{"name":"RHSA-2019:2939","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2939"},{"name":"RHSA-2019:2955","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2955"},{"name":"RHSA-2019:2966","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2966"},{"url":"https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS","tags":["x_transferred"]},{"name":"RHSA-2019:3131","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3131"},{"name":"RHSA-2019:2769","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:2769"},{"name":"RHSA-2019:3245","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3245"},{"name":"RHSA-2019:3265","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3265"},{"name":"RHSA-2019:3892","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3892"},{"name":"RHSA-2019:3906","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:3906"},{"name":"RHSA-2019:4018","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4018"},{"name":"RHSA-2019:4019","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4019"},{"name":"RHSA-2019:4021","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4021"},{"name":"RHSA-2019:4020","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4020"},{"name":"RHSA-2019:4045","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4045"},{"name":"RHSA-2019:4042","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4042"},{"name":"RHSA-2019:4040","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4040"},{"name":"RHSA-2019:4041","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4041"},{"name":"RHSA-2019:4269","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4269"},{"name":"RHSA-2019:4273","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4273"},{"name":"RHSA-2019:4352","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:4352"},{"name":"RHSA-2020:0406","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0406"},{"name":"RHSA-2020:0727","tags":["vendor-advisory","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"name":"USN-4308-1","tags":["vendor-advisory","x_transferred"],"url":"https://usn.ubuntu.com/4308-1/"},{"name":"DSA-4669","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2020/dsa-4669"},{"name":"[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"},{"name":"[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2023/10/18/8"}]}]}}