Vulnerability CVE-2019-9514: Information
Description
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.12.9-alt1 | 1.22.2-alt1 | ALT-PU-2019-2494-1 | 236282 | Fixed |
golang | p10 | 1.12.9-alt1 | 1.21.9-alt1 | ALT-PU-2019-2494-1 | 236282 | Fixed |
golang | p9 | 1.12.9-alt1 | 1.15.15-alt1 | ALT-PU-2019-2495-1 | 236286 | Fixed |
golang | p8 | 1.12.9-alt1 | 1.12.17-alt1 | ALT-PU-2019-2807-1 | 236875 | Fixed |
golang | c10f1 | 1.12.9-alt1 | 1.21.9-alt1 | ALT-PU-2019-2494-1 | 236282 | Fixed |
golang | c9f2 | 1.12.9-alt1 | 1.20.11-alt1 | ALT-PU-2019-2495-1 | 236286 | Fixed |
kubernetes | p9 | 1.15.4-alt1 | 1.20.2-alt1 | ALT-PU-2019-2794-1 | 238219 | Fixed |
kubernetes | c9f2 | 1.15.4-alt1 | 1.22.5-alt2 | ALT-PU-2019-2794-1 | 238219 | Fixed |
node | sisyphus | 10.17.0-alt1 | 20.12.2-alt1 | ALT-PU-2019-3050-1 | 239770 | Fixed |
node | p10 | 10.17.0-alt1 | 16.19.1-alt1 | ALT-PU-2019-3050-1 | 239770 | Fixed |
node | p9 | 14.3.0-alt1 | 14.17.2-alt1 | ALT-PU-2020-2195-1 | 247371 | Fixed |
node | c10f1 | 10.17.0-alt1 | 16.19.1-alt1 | ALT-PU-2019-3050-1 | 239770 | Fixed |
node | c9f2 | 14.3.0-alt1 | 16.19.1-alt0.c9.1 | ALT-PU-2020-2195-1 | 247371 | Fixed |
traefik | sisyphus | 1.7.14-alt1 | 2.11.0-alt1 | ALT-PU-2019-2525-1 | 236482 | Fixed |
traefik | p10 | 1.7.14-alt1 | 2.10.7-alt1 | ALT-PU-2019-2525-1 | 236482 | Fixed |
traefik | p9 | 1.7.14-alt1 | 2.4.3-alt1 | ALT-PU-2019-2564-1 | 236696 | Fixed |
traefik | c10f1 | 1.7.14-alt1 | 2.10.7-alt1 | ALT-PU-2019-2525-1 | 236482 | Fixed |
traefik | c9f2 | 1.7.14-alt1 | 2.10.3-alt1 | ALT-PU-2019-2564-1 | 236696 | Fixed |