Vulnerability CVE-2019-9514: Information

Description

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9514

Published: Aug. 14, 2019

Modified: Nov. 7, 2023

Error type identifier: CWE-770

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
golang	sisyphus	1.12.9-alt1	1.22.2-alt1	ALT-PU-2019-2494-1	236282	Fixed
golang	p10	1.12.9-alt1	1.21.9-alt1	ALT-PU-2019-2494-1	236282	Fixed
golang	p9	1.12.9-alt1	1.15.15-alt1	ALT-PU-2019-2495-1	236286	Fixed
golang	p8	1.12.9-alt1	1.12.17-alt1	ALT-PU-2019-2807-1	236875	Fixed
golang	c10f1	1.12.9-alt1	1.21.9-alt1	ALT-PU-2019-2494-1	236282	Fixed
golang	c9f2	1.12.9-alt1	1.20.11-alt1	ALT-PU-2019-2495-1	236286	Fixed
kubernetes	p9	1.15.4-alt1	1.20.2-alt1	ALT-PU-2019-2794-1	238219	Fixed
kubernetes	c9f2	1.15.4-alt1	1.22.5-alt2	ALT-PU-2019-2794-1	238219	Fixed
node	sisyphus	10.17.0-alt1	20.12.2-alt1	ALT-PU-2019-3050-1	239770	Fixed
node	p10	10.17.0-alt1	16.19.1-alt1	ALT-PU-2019-3050-1	239770	Fixed
node	p9	14.3.0-alt1	14.17.2-alt1	ALT-PU-2020-2195-1	247371	Fixed
node	c10f1	10.17.0-alt1	16.19.1-alt1	ALT-PU-2019-3050-1	239770	Fixed
node	c9f2	14.3.0-alt1	16.19.1-alt0.c9.1	ALT-PU-2020-2195-1	247371	Fixed
traefik	sisyphus	1.7.14-alt1	2.11.0-alt1	ALT-PU-2019-2525-1	236482	Fixed
traefik	p10	1.7.14-alt1	2.10.7-alt1	ALT-PU-2019-2525-1	236482	Fixed
traefik	p9	1.7.14-alt1	2.4.3-alt1	ALT-PU-2019-2564-1	236696	Fixed
traefik	c10f1	1.7.14-alt1	2.10.7-alt1	ALT-PU-2019-2525-1	236482	Fixed
traefik	c9f2	1.7.14-alt1	2.10.3-alt1	ALT-PU-2019-2564-1	236696	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
VU#605641	Third Party Advisory US Government Resource
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md	Third Party Advisory
20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0	Mailing List Third Party Advisory
20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0	Mailing List Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33	Third Party Advisory
20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update	Mailing List Third Party Advisory
DSA-4503	Third Party Advisory
https://support.f5.com/csp/article/K01988340	Third Party Advisory
[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0004/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0001/	Third Party Advisory
openSUSE-SU-2019:2000	Mailing List Third Party Advisory
20190825 [SECURITY] [DSA 4508-1] h2o security update	Mailing List Third Party Advisory
DSA-4508	Third Party Advisory
openSUSE-SU-2019:2056	Mailing List Third Party Advisory
openSUSE-SU-2019:2072	Mailing List Third Party Advisory
openSUSE-SU-2019:2085	Mailing List Third Party Advisory
RHSA-2019:2682	Third Party Advisory
DSA-4520	Third Party Advisory
RHSA-2019:2726	Third Party Advisory
20190910 [SECURITY] [DSA 4520-1] trafficserver security update	Mailing List Third Party Advisory
RHSA-2019:2594	Third Party Advisory
openSUSE-SU-2019:2114	Mailing List Third Party Advisory
openSUSE-SU-2019:2115	Mailing List Third Party Advisory
RHSA-2019:2661	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10296	Third Party Advisory
RHSA-2019:2690	Third Party Advisory
RHSA-2019:2766	Third Party Advisory
openSUSE-SU-2019:2130	Mailing List Third Party Advisory
RHSA-2019:2796	Third Party Advisory
RHSA-2019:2861	Third Party Advisory
RHSA-2019:2925	Third Party Advisory
RHSA-2019:2939	Third Party Advisory
RHSA-2019:2955	Third Party Advisory
RHSA-2019:2966	Third Party Advisory
RHSA-2019:3131	Third Party Advisory
RHSA-2019:2769	Third Party Advisory
RHSA-2019:3245	Third Party Advisory
RHSA-2019:3265	Third Party Advisory
RHSA-2019:3892	Third Party Advisory
RHSA-2019:3906	Third Party Advisory
RHSA-2019:4018	Third Party Advisory
RHSA-2019:4020	Third Party Advisory
RHSA-2019:4019	Third Party Advisory
RHSA-2019:4021	Third Party Advisory
RHSA-2019:4040	Third Party Advisory
RHSA-2019:4042	Third Party Advisory
RHSA-2019:4041	Third Party Advisory
RHSA-2019:4045	Third Party Advisory
RHSA-2019:4269	Third Party Advisory
RHSA-2019:4273	Third Party Advisory
RHSA-2019:4352	Third Party Advisory
RHSA-2020:0406	Third Party Advisory
RHSA-2020:0727	Third Party Advisory
USN-4308-1	Third Party Advisory
DSA-4669	Third Party Advisory
[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update	Third Party Advisory
[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks
[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks
[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks
FEDORA-2019-5a6a7bc12c
FEDORA-2019-6a2980de56
FEDORA-2019-55d101a740
FEDORA-2019-65db7ad6c7
https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS

Affected configurations:
1. Configuration 1
  cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
  Start including
  8.0.0
  End including
  8.0.3
  cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
  Start including
  7.0.0
  End including
  7.1.6
  cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
  Start including
  6.0.0
  End including
  6.2.3
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
  cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  
  Configuration 10
  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*
  
  Configuration 12
  cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
  Start including
  7.7.2.0
  End excliding
  7.7.2.24
  cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
  Start including
  7.8.2.0
  End excliding
  7.8.2.13
  cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
  Start including
  8.1.0
  End excliding
  8.2.0
  
  Configuration 13
  cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*
  
  Configuration 14
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  14.1.0
  End excliding
  14.1.2.1
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  14.0.0
  End excliding
  14.0.1.1
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  13.1.0
  End excliding
  13.1.3.2
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  15.0.0
  End excliding
  15.0.1.1
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  12.1.0
  End excliding
  12.1.5.1
  cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
  Start including
  11.6.1
  End excliding
  11.6.5.1
  
  Configuration 15
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  8.0.0
  End including
  8.8.1
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  10.0.0
  End including
  10.12.0
  cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
  Start including
  12.0.0
  End excliding
  12.8.1
  cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Start including
  10.13.0
  End excliding
  10.16.3
  cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
  Start including
  8.9.0
  End excliding
  8.16.1

Version: v24.4.2

Vulnerability CVE-2019-9514: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12

Configuration 13

Configuration 14

Configuration 15