HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-9511

CVSS 7.5v3.1pub. 2019-08-13upd. 2025-01-14

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Apache Traffic Server

    APP
    Apache
    6.0.0 – 6.2.37.0.0 – 7.1.68.0.0 – 8.0.3
  • Apple Mac Os X

    OS
    Apple
    ≥ 10.12
  • Apple Swiftnio

    APP
    Apple
    1.0.0 – 1.4.0
  • Canonical Ubuntu

    OS
    Canonical
    16.0418.0419.04≥ 14.04
  • Debian

    OS
    Debian
    10.09.0
  • F5 nginx

    APP
    F5
    1.9.5 – 1.16.1 (bez)1.17.0 – 1.17.2
  • Fedora Project Fedora

    OS
    Fedoraproject
    2930
  • Mcafee Web Gateway

    APP
    Mcafee
    7.8.2.0 – 7.8.2.13 (bez)8.1.0 – 8.2.0 (bez)7.7.2.0 – 7.7.2.24 (bez)
  • Node.js

    APP
    Nodejs
    12.0.0 – 12.8.1 (bez)8.0.0 – 8.8.18.9.0 – 8.16.1 (bez)10.0.0 – 10.12.010.13.0 – 10.16.3 (bez)
  • Opensuse Leap

    OS
    Opensuse
    15.015.1
  • Oracle Enterprise Communications Broker

    APP
    Oracle
    3.1.03.2.0
  • Oracle Graalvm

    APP
    Oracle
    19.2.0
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.0
  • Red Hat Jboss Core Services

    APP
    Redhat
    1.0
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.2.07.3.0
  • Red Hat Openshift Service Mesh

    APP
    Redhat
    1.0
  • Red Hat Quay

    APP
    Redhat
    3.0.0
  • Red Hat Software Collections

    APP
    Redhat
    1.0
  • Synology Diskstation Manager

    OS
    Synology
    6.2
  • Synology Skynas

    APP
    Synology
    wszystkie wersje
  • Synology Vs960hd

    HW
    Synology
    wszystkie wersje
  • Synology Vs960hd Firmware

    OS
    Synology
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki