UBUNTU-CVE-2019-9515

Source
https://ubuntu.com/security/CVE-2019-9515
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9515.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-9515
Related
Published
2019-08-13T00:00:00Z
Modified
2024-11-20T12:26:29Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

Affected packages

Ubuntu:Pro:16.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20150514.0.f5ebd86-1
0.0~git20150514.0.f5ebd86-2
0.0~git20151002.0.3e7b7e5-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.2-1
0.11.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / trafficserver

Package

Name
trafficserver
Purl
pkg:deb/ubuntu/trafficserver?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0-2ubuntu1
5.3.0-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.9.0-2ubuntu0.1

Affected versions

16.*

16.6.0-2ubuntu3

17.*

17.9.0-1
17.9.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-bin"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-bin-dbg"
        },
        {
            "binary_version": "1:17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-conch"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-core"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-mail"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-names"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-news"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-runner"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-runner-dbg"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-web"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python-twisted-words"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python3-twisted"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python3-twisted-bin"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "python3-twisted-bin-dbg"
        },
        {
            "binary_version": "17.9.0-2ubuntu0.1",
            "binary_name": "twisted-doc"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.4-1
1.6.0-2
1.6.0-3
1.6.0-3ubuntu0.18.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.2-1
1.3.2-1ubuntu1
1.3.2-1.1~build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.3+dfsg-2
2.2.4+dfsg-1
2.2.4+dfsg-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.1.7-4ubuntu0.1+esm1

Affected versions

1:4.*

1:4.1.7-4
1:4.1.7-4ubuntu0.1~esm1
1:4.1.7-4ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:4.1.7-4ubuntu0.1+esm1",
            "binary_name": "libnetty-java"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / trafficserver

Package

Name
trafficserver
Purl
pkg:deb/ubuntu/trafficserver?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.0-5
7.1.2+ds-2
7.1.2+ds-2build1
7.1.2+ds-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.16.1-1
1.16.1-1ubuntu1
1.16.1-1ubuntu3
1.16.1-1ubuntu4
1.16.1-1ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / h2o

Package

Name
h2o
Purl
pkg:deb/ubuntu/h2o?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.5+dfsg2-3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "h2o"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "h2o-dbgsym"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "h2o-doc"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o-dev"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o-dev-common"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o-evloop-dev"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o-evloop0.13"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o-evloop0.13-dbgsym"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o0.13"
        },
        {
            "binary_version": "2.2.5+dfsg2-3",
            "binary_name": "libh2o0.13-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.1.33-1
1:4.1.33-2
1:4.1.33-3
1:4.1.45-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / trafficserver

Package

Name
trafficserver
Purl
pkg:deb/ubuntu/trafficserver?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.5+ds-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.0.5+ds-1",
            "binary_name": "trafficserver"
        },
        {
            "binary_version": "8.0.5+ds-1",
            "binary_name": "trafficserver-dbgsym"
        },
        {
            "binary_version": "8.0.5+ds-1",
            "binary_name": "trafficserver-dev"
        },
        {
            "binary_version": "8.0.5+ds-1",
            "binary_name": "trafficserver-experimental-plugins"
        },
        {
            "binary_version": "8.0.5+ds-1",
            "binary_name": "trafficserver-experimental-plugins-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.9.0-6ubuntu1

Affected versions

18.*

18.9.0-3ubuntu1
18.9.0-5
18.9.0-6
18.9.0-6build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-bin"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-bin-dbg"
        },
        {
            "binary_version": "1:18.9.0-6ubuntu1",
            "binary_name": "python-twisted-conch"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-core"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-mail"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-names"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-news"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-runner"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-runner-dbg"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-web"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python-twisted-words"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python3-twisted"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python3-twisted-bin"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "python3-twisted-bin-dbg"
        },
        {
            "binary_version": "18.9.0-6ubuntu1",
            "binary_name": "twisted-doc"
        }
    ]
}

Ubuntu:22.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.29.1-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.30.2-3
1.30.2-3build1
1.30.2-3build3
1.30.2-3build5
1.30.2-3build6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.1.48-4
1:4.1.48-4+deb11u1build0.22.04.1
1:4.1.48-4+deb11u2build0.22.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.38.0+really1.33.3-1build1
1.64.0-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-4.1build5
1.51.1-4.1build6
1.51.1-4.1build8
1.51.1-4.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.1.48-9
1:4.1.48-10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / golang-google-grpc

Package

Name
golang-google-grpc
Purl
pkg:deb/ubuntu/golang-google-grpc?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.38.0+really1.33.3-1build1
1.38.0+really1.33.3-1ubuntu0.24.04.1
1.38.0+really1.33.3-1ubuntu0.24.04.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / grpc

Package

Name
grpc
Purl
pkg:deb/ubuntu/grpc?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-3build3
1.51.1-3build4
1.51.1-4
1.51.1-4build1
1.51.1-4build2
1.51.1-4.1build3
1.51.1-4.1build4
1.51.1-4.1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / netty

Package

Name
netty
Purl
pkg:deb/ubuntu/netty?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.1.48-7
1:4.1.48-8
1:4.1.48-9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}