Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2019-9513 | Mondoo Vulnerability Intelligence

CVE-2019-9513

HIGH7.5

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service

Published Aug 13, 2019

Modified 1 years ago

No fix available

Details

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

References

ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2692 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2745 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2746 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2775 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2799 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2925 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2939 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2949 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2955 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2966 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3041 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3932 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3933 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3935 WEBhttps://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md ADVISORYhttps://kb.cert.org/vuls/id/605641/WEBhttps://kc.mcafee.com/corporate/index?page=content&id=SB10296 ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/WEBhttps://seclists.org/bugtraq/2019/Aug/40 WEBhttps://seclists.org/bugtraq/2019/Sep/1 WEBhttps://security.netapp.com/advisory/ntap-20190823-0002/WEBhttps://security.netapp.com/advisory/ntap-20190823-0005/WEBhttps://support.f5.com/csp/article/K02591030 WEBhttps://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS ADVISORYhttps://usn.ubuntu.com/4099-1/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2019-9513 ADVISORYhttps://www.debian.org/security/2019/dsa-4505 ADVISORYhttps://www.debian.org/security/2019/dsa-4511 ADVISORYhttps://www.debian.org/security/2020/dsa-4669 WEBhttps://www.oracle.com/security-alerts/cpujan2021.html WEBhttps://www.oracle.com/security-alerts/cpuoct2020.html WEBhttps://www.synology.com/security/advisory/Synology_SA_19_33

CVSS Analysis

CVSS v3.0

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedAug 13, 2019

ModifiedAug 4, 2024