UBUNTU-CVE-2019-9515

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-9515

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-9515.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-9515

Upstream

CVE-2019-9515

Downstream

USN-4308-1

USN-4866-1

Related

Published

2019-08-13T00:00:00Z

Modified

2025-10-24T04:47:34Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

References

Affected packages

Ubuntu:16.04:LTS

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@0.0~git20151002.0.3e7b7e5-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20150514.0.f5ebd86-1

0.0~git20150514.0.f5ebd86-2

0.0~git20151002.0.3e7b7e5-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "0.0~git20151002.0.3e7b7e5-1"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@0.11.1-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.2-1

0.11.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "0.11.1-1"
        },
        {
            "binary_name": "libgrpc0",
            "binary_version": "0.11.1-1"
        }
    ]
}

trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver@5.3.0-2ubuntu2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0-2ubuntu1

5.3.0-2ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "trafficserver",
            "binary_version": "5.3.0-2ubuntu2"
        },
        {
            "binary_name": "trafficserver-dev",
            "binary_version": "5.3.0-2ubuntu2"
        },
        {
            "binary_name": "trafficserver-experimental-plugins",
            "binary_version": "5.3.0-2ubuntu2"
        }
    ]
}

Ubuntu:18.04:LTS

twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted@17.9.0-2ubuntu0.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

17.9.0-2ubuntu0.1

Affected versions

16.*

16.6.0-2ubuntu3

17.*

17.9.0-1

17.9.0-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python3-twisted",
            "binary_version": "17.9.0-2ubuntu0.1"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.6.0-3ubuntu0.18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.4-1

1.6.0-2

1.6.0-3

1.6.0-3ubuntu0.18.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.6.0-3ubuntu0.18.04.1"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.3.2-1.1~build1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.2-1

1.3.2-1ubuntu1

1.3.2-1.1~build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.3.2-1.1~build1"
        },
        {
            "binary_name": "libgrpc++1",
            "binary_version": "1.3.2-1.1~build1"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.3.2-1.1~build1"
        },
        {
            "binary_name": "libgrpc3",
            "binary_version": "1.3.2-1.1~build1"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.3.2-1.1~build1"
        }
    ]
}

trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver@7.1.2+ds-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.0-5

7.1.2+ds-2

7.1.2+ds-2build1

7.1.2+ds-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "trafficserver",
            "binary_version": "7.1.2+ds-3"
        },
        {
            "binary_name": "trafficserver-dev",
            "binary_version": "7.1.2+ds-3"
        },
        {
            "binary_name": "trafficserver-experimental-plugins",
            "binary_version": "7.1.2+ds-3"
        }
    ]
}

Ubuntu:20.04:LTS

twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted@18.9.0-6ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.9.0-6ubuntu1

Affected versions

18.*

18.9.0-3ubuntu1

18.9.0-5

18.9.0-6

18.9.0-6build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python3-twisted",
            "binary_version": "18.9.0-6ubuntu1"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "18.9.0-6ubuntu1"
        }
    ],
    "availability": "No subscription required"
}

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.22.1-1ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.22.1-1ubuntu1"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.16.1-1ubuntu5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.16.1-1

1.16.1-1ubuntu1

1.16.1-1ubuntu3

1.16.1-1ubuntu4

1.16.1-1ubuntu5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "libgrpc++1",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "libgrpc6",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "python3-grpcio",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "ruby-grpc",
            "binary_version": "1.16.1-1ubuntu5"
        },
        {
            "binary_name": "ruby-grpc-tools",
            "binary_version": "1.16.1-1ubuntu5"
        }
    ]
}

Ubuntu:22.04:LTS

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.29.1-0ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.29.1-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.29.1-0ubuntu1"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.30.2-3build6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.30.2-3

1.30.2-3build1

1.30.2-3build3

1.30.2-3build5

1.30.2-3build6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "libgrpc++1",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "libgrpc10",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "python3-grpcio",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "ruby-grpc",
            "binary_version": "1.30.2-3build6"
        },
        {
            "binary_name": "ruby-grpc-tools",
            "binary_version": "1.30.2-3build6"
        }
    ]
}

Ubuntu:24.04:LTS

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.51.1-4.1build5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-3build3

1.51.1-3build4

1.51.1-4

1.51.1-4build1

1.51.1-4build2

1.51.1-4.1build3

1.51.1-4.1build4

1.51.1-4.1build5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "libgrpc++1.51t64",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "libgrpc29t64",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "python3-grpcio",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "ruby-grpc",
            "binary_version": "1.51.1-4.1build5"
        },
        {
            "binary_name": "ruby-grpc-tools",
            "binary_version": "1.51.1-4.1build5"
        }
    ]
}

Ubuntu:25.04

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.64.0-6?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.64.0-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.64.0-6"
        },
        {
            "binary_name": "protoc-gen-go-grpc",
            "binary_version": "1.64.0-6"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.51.1-6?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-4.1ubuntu1

1.51.1-5

1.51.1-5build1

1.51.1-5build2

1.51.1-6

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "libgrpc++1.51t64",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "libgrpc29t64",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "python3-grpcio",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "ruby-grpc",
            "binary_version": "1.51.1-6"
        },
        {
            "binary_name": "ruby-grpc-tools",
            "binary_version": "1.51.1-6"
        }
    ]
}

Ubuntu:25.10

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.64.0-7?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.64.0-6

1.64.0-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.64.0-7"
        },
        {
            "binary_name": "protoc-gen-go-grpc",
            "binary_version": "1.64.0-7"
        }
    ]
}

grpc

Package

Name: grpc
Purl: pkg:deb/ubuntu/grpc@1.51.1-6build1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.51.1-6

1.51.1-6build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgrpc++-dev",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "libgrpc++1.51t64",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "libgrpc-dev",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "libgrpc29t64",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "protobuf-compiler-grpc",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "python3-grpcio",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "ruby-grpc",
            "binary_version": "1.51.1-6build1"
        },
        {
            "binary_name": "ruby-grpc-tools",
            "binary_version": "1.51.1-6build1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

h2o

Package

Name: h2o
Purl: pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.3+dfsg-2

2.2.4+dfsg-1

2.2.4+dfsg-1build1

2.2.4+dfsg-1ubuntu0.1~esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "h2o",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libh2o-dev",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libh2o-dev-common",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libh2o-evloop-dev",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libh2o-evloop0.13",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        },
        {
            "binary_name": "libh2o0.13",
            "binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
        }
    ]
}

netty

Package

Name: netty
Purl: pkg:deb/ubuntu/netty@1:4.1.7-4ubuntu0.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:4.1.7-4ubuntu0.1+esm1

Affected versions

1:4.*

1:4.1.7-4

1:4.1.7-4ubuntu0.1~esm1

1:4.1.7-4ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libnetty-java",
            "binary_version": "1:4.1.7-4ubuntu0.1+esm1"
        }
    ],
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}

Ubuntu:Pro:24.04:LTS

golang-google-grpc

Package

Name: golang-google-grpc
Purl: pkg:deb/ubuntu/golang-google-grpc@1.38.0+really1.33.3-1ubuntu0.24.04.3+esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.38.0+really1.33.3-1build1

1.38.0+really1.33.3-1ubuntu0.24.04.1

1.38.0+really1.33.3-1ubuntu0.24.04.2

1.38.0+really1.33.3-1ubuntu0.24.04.2+esm1

1.38.0+really1.33.3-1ubuntu0.24.04.3

1.38.0+really1.33.3-1ubuntu0.24.04.3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "golang-google-grpc-dev",
            "binary_version": "1.38.0+really1.33.3-1ubuntu0.24.04.3+esm1"
        },
        {
            "binary_name": "protoc-gen-go-grpc",
            "binary_version": "1.38.0+really1.33.3-1ubuntu0.24.04.3+esm1"
        }
    ]
}