Vulnerability DatabaseCVE-2019-9512
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2019-9512
Published:August 13, 2019
Updated:May 16, 2026
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Related Resources (90)
https://access.redhat.com/errata/RHSA-2019:4040
https://seclists.org/bugtraq/2019/Aug/43
http://seclists.org/fulldisclosure/2019/Aug/16
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
https://access.redhat.com/errata/RHSA-2019:4045
https://access.redhat.com/errata/RHSA-2019:3245
https://seclists.org/bugtraq/2019/Aug/31
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
https://usn.ubuntu.com/4308-1
https://www.synology.com/security/advisory/Synology_SA_19_33
https://access.redhat.com/errata/RHSA-2019:2796
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:4269
https://access.redhat.com/errata/RHSA-2019:2925
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
https://access.redhat.com/errata/RHSA-2019:4021
https://access.redhat.com/errata/RHSA-2019:4020
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
https://access.redhat.com/errata/RHSA-2019:4273
https://go.dev/issue/33606
https://access.redhat.com/errata/RHSA-2019:4042
https://seclists.org/bugtraq/2019/Aug/24
https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS
https://access.redhat.com/errata/RHSA-2020:0406
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC
https://www.debian.org/security/2019/dsa-4508
https://access.redhat.com/errata/RHSA-2019:4041
https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
https://access.redhat.com/errata/RHSA-2019:3265
https://access.redhat.com/errata/RHSA-2019:2682
https://access.redhat.com/errata/RHSA-2019:4019
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
https://access.redhat.com/errata/RHSA-2019:2861
https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ
http://www.openwall.com/lists/oss-security/2019/08/20/1
https://usn.ubuntu.com/4308-1/
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP
https://access.redhat.com/errata/RHSA-2019:2769
https://security.netapp.com/advisory/ntap-20190823-0005/
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
https://access.redhat.com/errata/RHSA-2019:2594
https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
https://access.redhat.com/errata/RHSA-2019:2690
https://seclists.org/bugtraq/2019/Sep/18
https://security.netapp.com/advisory/ntap-20190823-0001
https://access.redhat.com/errata/RHSA-2019:3131
https://security.netapp.com/advisory/ntap-20190823-0004/
https://go.dev/cl/190137
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ
https://access.redhat.com/errata/RHSA-2019:2955
https://security.netapp.com/advisory/ntap-20190823-0001/
https://access.redhat.com/errata/RHSA-2019:4018
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
https://access.redhat.com/errata/RHSA-2019:2661
https://www.debian.org/security/2019/dsa-4503
http://www.openwall.com/lists/oss-security/2023/10/18/8
https://access.redhat.com/errata/RHSA-2019:2966
https://support.f5.com/csp/article/K01988340
https://www.debian.org/security/2020/dsa-4669
https://support.f5.com/csp/article/K98053339?utm_source=f5support&amp%3Butm_medium=RSS
https://access.redhat.com/security/cve/CVE-2019-9512
https://security.netapp.com/advisory/ntap-20190823-0004
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
https://access.redhat.com/errata/RHSA-2019:2766
https://kb.cert.org/vuls/id/605641/
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
https://access.redhat.com/errata/RHSA-2020:0727
https://access.redhat.com/errata/RHSA-2019:3906
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-9512
https://kb.cert.org/vuls/id/605641
https://nvd.nist.gov/vuln/detail/CVE-2019-9514
https://security.netapp.com/advisory/ntap-20190823-0005
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7
https://access.redhat.com/errata/RHSA-2019:4352
https://access.redhat.com/errata/RHSA-2019:2726
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
https://www.debian.org/security/2019/dsa-4520
https://access.redhat.com/errata/RHSA-2019:3892
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E
https://support.f5.com/csp/article/K98053339
https://pkg.go.dev/vuln/GO-2022-0536
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E
https://access.redhat.com/errata/RHSA-2019:2939
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
Allocation of Resources Without Limits or Throttling
CWE-770
EPSS
Base Score:
51.23