Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2019-9512

CVE-2019-9512

HIGH7.5

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service

Published Aug 13, 2019

Modified 1 years ago

Details

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References(66)

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html

http://seclists.org/fulldisclosure/2019/Aug/16

http://www.openwall.com/lists/oss-security/2019/08/20/1

https://access.redhat.com/errata/RHSA-2019:2594

https://access.redhat.com/errata/RHSA-2019:2661

https://access.redhat.com/errata/RHSA-2019:2682

https://access.redhat.com/errata/RHSA-2019:2690

https://access.redhat.com/errata/RHSA-2019:2726

https://access.redhat.com/errata/RHSA-2019:2766

https://access.redhat.com/errata/RHSA-2019:2769

https://access.redhat.com/errata/RHSA-2019:2796

https://access.redhat.com/errata/RHSA-2019:2861

https://access.redhat.com/errata/RHSA-2019:2925

https://access.redhat.com/errata/RHSA-2019:2939

https://access.redhat.com/errata/RHSA-2019:2955

https://access.redhat.com/errata/RHSA-2019:2966

https://access.redhat.com/errata/RHSA-2019:3131

https://access.redhat.com/errata/RHSA-2019:3245

https://access.redhat.com/errata/RHSA-2019:3265

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedAug 13, 2019

ModifiedAug 4, 2024

CVE-2019-9512 | Mondoo Vulnerability Intelligence