CVE-2019-9516

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Reference Links(if available):

  • https://kb.cert.org/vuls/id/605641/
  • https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  • https://seclists.org/bugtraq/2019/Aug/24
  • https://usn.ubuntu.com/4099-1/
  • http://seclists.org/fulldisclosure/2019/Aug/16
  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:C

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)