CVE-2019-9513

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9513
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9513.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-9513
Downstream
Related
Published
2019-08-13T21:15:12.380Z
Modified
2026-02-24T11:33:55.328968Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
2f45ad8060e13d5ac912335096d21526f2f9602b
Fixed
787378879acfb212ed4ff824bf9f767a24a5cb43
Introduced
ab4af087e83d91a46354d765306d3543b1d85423
Fixed
75657ee41677d56a498e298b01d049aef5bf199f
Introduced
f6fc46e03674ab1896792b7363ecac0665b5e0c5
Fixed
eb66efd6052801e2f10360c51787569da0185808
Introduced
f76ce0a75641991bfc235775a4747c978e0e281b
Fixed
5744b466c45d5324c60f122b02681813d4496749

Affected versions

v10.*
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v12.*
v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v8.*
v8.1.0
v8.1.1
v8.1.2
v8.1.3
v8.1.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9513.json"