CVE-2019-9514

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-9514
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9514.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-9514
Aliases
Downstream
Related
Published
2019-08-13T21:15:12.443Z
Modified
2026-05-12T04:03:39.171761Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the RSTSTREAM frames, this can consume excess memory, CPU, or both.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.0.0"
                },
                {
                    "last_affected": "1.4.0"
                }
            ],
            "cpe": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "11.6.1"
                },
                {
                    "fixed": "11.6.5.1"
                },
                {
                    "introduced": "12.1.0"
                },
                {
                    "fixed": "12.1.5.1"
                },
                {
                    "introduced": "13.1.0"
                },
                {
                    "fixed": "13.1.3.2"
                },
                {
                    "introduced": "14.0.0"
                },
                {
                    "fixed": "14.0.1.1"
                },
                {
                    "introduced": "14.1.0"
                },
                {
                    "fixed": "14.1.2.1"
                },
                {
                    "introduced": "15.0.0"
                },
                {
                    "fixed": "15.0.1.1"
                }
            ],
            "cpe": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "7.7.2.0"
                },
                {
                    "fixed": "7.7.2.24"
                },
                {
                    "introduced": "7.8.2.0"
                },
                {
                    "fixed": "7.8.2.13"
                },
                {
                    "introduced": "8.1.0"
                },
                {
                    "fixed": "8.2.0"
                }
            ],
            "cpe": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.8.1"
                },
                {
                    "introduced": "10.0.0"
                },
                {
                    "last_affected": "10.12.0"
                },
                {
                    "introduced": "12.0.0"
                },
                {
                    "fixed": "12.8.1"
                }
            ],
            "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.9.0"
                },
                {
                    "fixed": "8.16.1"
                },
                {
                    "introduced": "10.13.0"
                },
                {
                    "fixed": "10.16.3"
                }
            ],
            "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "19.2.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.2.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.10"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.11"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "3.9"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "14"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "7.3"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.0"
                }
            ],
            "cpe": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "19.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "29"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "30"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "15.0"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
27f8e2cda9133864e6ffae0224c799fde5f10290
Last affected
eaed59510bda6f1d27854d9d3f07aace2afffc16
Introduced
6c1c6cf20e7d0e287d697a0f4181436013d17c30
Last affected
e249f4a2c70ead73b281948459eb6369b3cbfaa4
Introduced
b310e3566f58dd04ec2b15b111ec86ea70e20019
Last affected
e92757040355baa6edc8896564e2e49d5232e149
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3fa146678bc6a061722f4ea930998ae29ad70de3
Last affected
b14030656330ed623cd1f9efe2f4f9abd9d16e29
Last affected
a57be23251358e6ac97442ebde3dae8d95d94846
Last affected
2b0351f43d64a2fd69c7f95d81df4a163826999d
Last affected
a1f0b7d4223064638b3eb4022c47a5964fa9e665
Last affected
65522291f233179e0801cea2d0355120843ce025
Last affected
b310e3566f58dd04ec2b15b111ec86ea70e20019
Last affected
72c03baa83e0736e4d3fc90880642c2f5593ecf2
Last affected
6c1c6cf20e7d0e287d697a0f4181436013d17c30
Database specific 
{
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.2.3"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "last_affected": "7.1.6"
        },
        {
            "introduced": "8.0.0"
        },
        {
            "last_affected": "8.0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "last_affected": "6.2"
        },
        {
            "last_affected": "4.1"
        },
        {
            "last_affected": "4.2"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "last_affected": "8.1"
        },
        {
            "last_affected": "7.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
        "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
        "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

10.*
10.0.0
10.0.0-rc0
3.*
3.0.0
3.1.2
3.3.0
3.3.1
4.*
4.1.0
4.2.0
4.2.0-rc0
4.2.0-rc1
6.*
6.2.0
6.2.0-rc0
6.2.0-rc1
6.2.0-rc2
6.2.0-rc3
6.2.1
6.2.1-rc0
6.2.2
6.2.2-rc0
6.2.3
6.2.3-rc0
7.*
7.0.0
7.1.0
7.1.0-rc0
7.1.0-rc1
7.1.1
7.1.1-rc0
7.1.1-rc1
7.1.2
7.1.2-rc0
7.1.2-rc1
7.1.2-rc2
7.1.2-rc3
7.1.2-rc4
7.1.3
7.1.3-rc0
7.1.4
7.1.4-rc0
7.1.4-rc1
7.1.5
7.1.5-rc0
7.1.5-rc1
7.1.6
7.1.6-rc0
7.1.6-rc1
8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.1.0
8.1.0-rc0
9.*
9.0.0
9.0.0-rc0
9.0.0-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9514.json"