CVE-2019-9512 HIGH

CVE-2019-9512: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service

Vendor N/A
Product n/a
Weakness CWE-400
Published August 13, 2019
Last update August 4, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Key dates

02Disclosure timeline

August 13, 2019 CVE published
August 4, 2024 Record updated