Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-9512 (GCVE-0-2019-9512)
Vulnerability from cvelistv5 – Published: 2019-08-13 20:50 – Updated: 2024-08-04 21:54
VLAI
EPSS
Title
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service
Summary
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
65 references
Credits
Thanks to Jonathan Looney of Netflix for reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"name": "DSA-4503",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "openSUSE-SU-2019:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"name": "DSA-4508",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"name": "openSUSE-SU-2019:2056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"name": "openSUSE-SU-2019:2072",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"name": "FEDORA-2019-55d101a740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"name": "FEDORA-2019-65db7ad6c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"name": "openSUSE-SU-2019:2085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"name": "RHSA-2019:2682",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"name": "DSA-4520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"name": "RHSA-2019:2726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"name": "RHSA-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "RHSA-2019:2690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "RHSA-2019:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"name": "openSUSE-SU-2019:2130",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"name": "RHSA-2019:2796",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"name": "RHSA-2019:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"name": "RHSA-2019:2769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"name": "RHSA-2019:3245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"name": "RHSA-2019:3265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:3906",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"name": "RHSA-2019:4018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "RHSA-2019:4045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"name": "RHSA-2019:4042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"name": "RHSA-2019:4040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"name": "RHSA-2019:4041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"name": "RHSA-2019:4269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"name": "RHSA-2019:4273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "USN-4308-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-08T23:06:27.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#605641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"name": "DSA-4503",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "openSUSE-SU-2019:2000",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"name": "DSA-4508",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"name": "openSUSE-SU-2019:2056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"name": "openSUSE-SU-2019:2072",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"name": "FEDORA-2019-55d101a740",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"name": "FEDORA-2019-65db7ad6c7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"name": "openSUSE-SU-2019:2085",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"name": "RHSA-2019:2682",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"name": "DSA-4520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"name": "RHSA-2019:2726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"name": "RHSA-2019:2594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"name": "openSUSE-SU-2019:2114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2661",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "RHSA-2019:2690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "RHSA-2019:2766",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"name": "openSUSE-SU-2019:2130",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"name": "RHSA-2019:2796",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"name": "RHSA-2019:2861",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"name": "RHSA-2019:2925",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2955",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"name": "RHSA-2019:2769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"name": "RHSA-2019:3245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"name": "RHSA-2019:3265",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:3906",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"name": "RHSA-2019:4018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "RHSA-2019:4045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"name": "RHSA-2019:4042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"name": "RHSA-2019:4040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"name": "RHSA-2019:4041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"name": "RHSA-2019:4269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"name": "RHSA-2019:4273",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"name": "RHSA-2019:4352",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"name": "RHSA-2020:0727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "USN-4308-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "HTTP/2 Ping Flood",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9512",
"STATE": "PUBLIC",
"TITLE": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#605641",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
},
{
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"name": "DSA-4503",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"name": "https://support.f5.com/csp/article/K98053339",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "openSUSE-SU-2019:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"name": "DSA-4508",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"name": "openSUSE-SU-2019:2056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"name": "openSUSE-SU-2019:2072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"name": "FEDORA-2019-55d101a740",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"name": "FEDORA-2019-65db7ad6c7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"name": "openSUSE-SU-2019:2085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"name": "RHSA-2019:2682",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"name": "DSA-4520",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"name": "RHSA-2019:2726",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"name": "RHSA-2019:2594",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"name": "openSUSE-SU-2019:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2661",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "RHSA-2019:2690",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "RHSA-2019:2766",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"name": "openSUSE-SU-2019:2130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"name": "RHSA-2019:2796",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"name": "RHSA-2019:2861",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"name": "RHSA-2019:2925",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"name": "RHSA-2019:2769",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"name": "RHSA-2019:3245",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"name": "RHSA-2019:3265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:3906",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"name": "RHSA-2019:4018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "RHSA-2019:4045",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"name": "RHSA-2019:4042",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"name": "RHSA-2019:4040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"name": "RHSA-2019:4041",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"name": "RHSA-2019:4269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"name": "RHSA-2019:4273",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"name": "RHSA-2019:4352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0406",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"name": "RHSA-2020:0727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "USN-4308-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9512",
"datePublished": "2019-08-13T20:50:59.000Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-9512",
"date": "2026-05-27",
"epss": "0.51232",
"percentile": "0.97918"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9512\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-08-13T21:15:12.287\",\"lastModified\":\"2024-11-21T04:51:46.193\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\"},{\"lang\":\"es\",\"value\":\"Algunas implementaciones de HTTP / 2 son vulnerables a las inundaciones de ping, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda pings continuos a un par HTTP / 2, haciendo que el par construya una cola interna de respuestas. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.4.0\",\"matchCriteriaId\":\"93988E60-006B-434D-AB16-1FA1D2FEBC2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.12\",\"matchCriteriaId\":\"1D294D56-E784-4DA8-9C2C-BC5A05C92C0C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.04\",\"matchCriteriaId\":\"65B1D2F6-BC1F-47AF-B4E6-4B50986AC622\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.2.3\",\"matchCriteriaId\":\"603BF43B-FC99-4039-A3C0-467F015A32FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.1.6\",\"matchCriteriaId\":\"07BB02CE-D4F2-459C-B0C6-FF78BF7996AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.3\",\"matchCriteriaId\":\"D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.16.1\",\"matchCriteriaId\":\"CFC0252A-DF1D-4CF4-B450-27267227B599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndIncluding\":\"10.12.0\",\"matchCriteriaId\":\"25A3180B-21AF-4010-9DAB-41ADFD2D8031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"10.13.0\",\"versionEndExcluding\":\"10.16.3\",\"matchCriteriaId\":\"2EC65858-FF7B-4171-82EA-80942D426F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.8.1\",\"matchCriteriaId\":\"F522C500-AA33-4029-865F-F27FB00A354E\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Aug/16\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/20/1\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2594\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2661\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2682\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2690\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2726\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2766\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2769\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2796\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2861\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3131\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3245\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3265\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3906\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4018\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4019\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4020\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4021\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4040\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4041\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4042\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4045\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4269\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4273\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4352\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0406\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0727\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/24\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/31\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/43\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/18\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0001/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0004/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K98053339\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cret@cert.org\"},{\"url\":\"https://usn.ubuntu.com/4308-1/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4503\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4508\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4520\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Aug/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/08/20/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2594\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2925\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4269\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0727\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/605641/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Aug/43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/Sep/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190823-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K98053339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4308-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/security/advisory/Synology_SA_19_33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2019-9512
Vulnerability from fkie_nvd - Published: 2019-08-13 21:15 - Updated: 2024-11-21 04:51
Severity
Summary
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | swiftnio | * | |
| apple | mac_os_x | * | |
| canonical | ubuntu_linux | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| apache | traffic_server | * | |
| debian | debian_linux | 10.0 | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * | |
| nodejs | node.js | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93988E60-006B-434D-AB16-1FA1D2FEBC2A",
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D294D56-E784-4DA8-9C2C-BC5A05C92C0C",
"versionStartIncluding": "10.12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1D2F6-BC1F-47AF-B4E6-4B50986AC622",
"versionStartIncluding": "14.04",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603BF43B-FC99-4039-A3C0-467F015A32FA",
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07BB02CE-D4F2-459C-B0C6-FF78BF7996AE",
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D875E0D8-D109-4F7F-A4C4-9EDD66CEE74E",
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "CFC0252A-DF1D-4CF4-B450-27267227B599",
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"matchCriteriaId": "2EC65858-FF7B-4171-82EA-80942D426F40",
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F522C500-AA33-4029-865F-F27FB00A354E",
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
},
{
"lang": "es",
"value": "Algunas implementaciones de HTTP / 2 son vulnerables a las inundaciones de ping, lo que puede conducir a una denegaci\u00f3n de servicio. El atacante env\u00eda pings continuos a un par HTTP / 2, haciendo que el par construya una cola interna de respuestas. Dependiendo de cu\u00e1n eficientemente se pongan en cola estos datos, esto puede consumir un exceso de CPU, memoria o ambos."
}
],
"id": "CVE-2019-9512",
"lastModified": "2024-11-21T04:51:46.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-13T21:15:12.287",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "cret@cert.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "cret@cert.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-HGR8-6H9X-F7Q9
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-05-20 21:30
VLAI
Summary
golang.org/x/net/http vulnerable to ping floods
Details
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Specific Go Packages Affected
golang.org/x/net/http2
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/net"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20190813141303-74dc4d7220e7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-9512"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-08T00:30:13Z",
"nvd_published_at": "2019-08-13T21:15:00Z",
"severity": "HIGH"
},
"details": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2",
"id": "GHSA-hgr8-6h9x-f7q9",
"modified": "2024-05-20T21:30:32Z",
"published": "2022-05-24T16:53:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"type": "WEB",
"url": "https://go.dev/cl/190137"
},
{
"type": "WEB",
"url": "https://go.dev/issue/33606"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ"
},
{
"type": "WEB",
"url": "https://kb.cert.org/vuls/id/605641"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0536"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190823-0001"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190823-0004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190823-0005"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4308-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"type": "WEB",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/net/http vulnerable to ping floods"
}
GSD-2019-9512
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-9512",
"description": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"id": "GSD-2019-9512",
"references": [
"https://www.suse.com/security/cve/CVE-2019-9512.html",
"https://www.debian.org/security/2019/dsa-4520",
"https://www.debian.org/security/2019/dsa-4508",
"https://www.debian.org/security/2019/dsa-4503",
"https://access.redhat.com/errata/RHSA-2020:3197",
"https://access.redhat.com/errata/RHSA-2020:3196",
"https://access.redhat.com/errata/RHSA-2020:2565",
"https://access.redhat.com/errata/RHSA-2020:2067",
"https://access.redhat.com/errata/RHSA-2020:1445",
"https://access.redhat.com/errata/RHSA-2020:0983",
"https://access.redhat.com/errata/RHSA-2020:0922",
"https://access.redhat.com/errata/RHSA-2020:0727",
"https://access.redhat.com/errata/RHSA-2020:0406",
"https://access.redhat.com/errata/RHSA-2019:4352",
"https://access.redhat.com/errata/RHSA-2019:4273",
"https://access.redhat.com/errata/RHSA-2019:4269",
"https://access.redhat.com/errata/RHSA-2019:4045",
"https://access.redhat.com/errata/RHSA-2019:4042",
"https://access.redhat.com/errata/RHSA-2019:4041",
"https://access.redhat.com/errata/RHSA-2019:4040",
"https://access.redhat.com/errata/RHSA-2019:4021",
"https://access.redhat.com/errata/RHSA-2019:4020",
"https://access.redhat.com/errata/RHSA-2019:4019",
"https://access.redhat.com/errata/RHSA-2019:4018",
"https://access.redhat.com/errata/RHSA-2019:3906",
"https://access.redhat.com/errata/RHSA-2019:3892",
"https://access.redhat.com/errata/RHSA-2019:3265",
"https://access.redhat.com/errata/RHSA-2019:3245",
"https://access.redhat.com/errata/RHBA-2019:3139",
"https://access.redhat.com/errata/RHSA-2019:3131",
"https://access.redhat.com/errata/RHSA-2019:2966",
"https://access.redhat.com/errata/RHSA-2019:2955",
"https://access.redhat.com/errata/RHSA-2019:2939",
"https://access.redhat.com/errata/RHSA-2019:2925",
"https://access.redhat.com/errata/RHSA-2019:2861",
"https://access.redhat.com/errata/RHSA-2019:2817",
"https://access.redhat.com/errata/RHSA-2019:2796",
"https://access.redhat.com/errata/RHSA-2019:2769",
"https://access.redhat.com/errata/RHSA-2019:2766",
"https://access.redhat.com/errata/RHSA-2019:2726",
"https://access.redhat.com/errata/RHSA-2019:2690",
"https://access.redhat.com/errata/RHSA-2019:2682",
"https://access.redhat.com/errata/RHSA-2019:2661",
"https://access.redhat.com/errata/RHSA-2019:2594",
"https://ubuntu.com/security/CVE-2019-9512",
"https://advisories.mageia.org/CVE-2019-9512.html",
"https://security.archlinux.org/CVE-2019-9512",
"https://alas.aws.amazon.com/cve/html/CVE-2019-9512.html",
"https://linux.oracle.com/cve/CVE-2019-9512.html",
"https://access.redhat.com/errata/RHBA-2019:2819"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-9512"
],
"details": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"id": "GSD-2019-9512",
"modified": "2023-12-13T01:23:47.269763Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"AKA": "HTTP/2 Ping Flood",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9512",
"STATE": "PUBLIC",
"TITLE": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Jonathan Looney of Netflix for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#605641",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"refsource": "MISC",
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
},
{
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"name": "DSA-4503",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"name": "https://support.f5.com/csp/article/K98053339",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "openSUSE-SU-2019:2000",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"name": "DSA-4508",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"name": "openSUSE-SU-2019:2056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"name": "openSUSE-SU-2019:2072",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"name": "FEDORA-2019-55d101a740",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"name": "FEDORA-2019-65db7ad6c7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"name": "openSUSE-SU-2019:2085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"name": "RHSA-2019:2682",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"name": "DSA-4520",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"name": "RHSA-2019:2726",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"name": "RHSA-2019:2594",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"name": "openSUSE-SU-2019:2114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2661",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "RHSA-2019:2690",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "RHSA-2019:2766",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"name": "openSUSE-SU-2019:2130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"name": "RHSA-2019:2796",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"name": "RHSA-2019:2861",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"name": "RHSA-2019:2925",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3131",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"name": "RHSA-2019:2769",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"name": "RHSA-2019:3245",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"name": "RHSA-2019:3265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:3906",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"name": "RHSA-2019:4018",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4020",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "RHSA-2019:4045",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"name": "RHSA-2019:4042",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"name": "RHSA-2019:4040",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"name": "RHSA-2019:4041",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"name": "RHSA-2019:4269",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"name": "RHSA-2019:4273",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"name": "RHSA-2019:4352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0406",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"name": "RHSA-2020:0727",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "USN-4308-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.0.0-20190813141303-74dc4d7220e7",
"affected_versions": "All versions before 0.0.0-20190813141303-74dc4d7220e7",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2023-02-24",
"description": "Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"fixed_versions": [
"0.0.0-20190813141303-74dc4d7220e7"
],
"identifier": "CVE-2019-9512",
"identifiers": [
"GHSA-hgr8-6h9x-f7q9",
"CVE-2019-9512"
],
"not_impacted": "All versions starting from 0.0.0-20190813141303-74dc4d7220e7",
"package_slug": "go/golang.org/x/net",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 0.0.0-20190813141303-74dc4d7220e7 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"https://go.dev/cl/190137",
"https://go.dev/issue/33606",
"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5",
"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ",
"https://pkg.go.dev/vuln/GO-2022-0536",
"https://github.com/advisories/GHSA-hgr8-6h9x-f7q9"
],
"uuid": "0dc2e380-3fb9-4c89-a888-28d22ea73486"
},
{
"affected_range": "\u003c0.0.0-20190813141303-74dc4d7220e7",
"affected_versions": "All versions before 0.0.0-20190813141303-74dc4d7220e7",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-400",
"CWE-937"
],
"date": "2023-02-08",
"description": "Some HTTP/2 implementations is vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"fixed_versions": [
"0.0.0-20190813141303-74dc4d7220e7"
],
"identifier": "CVE-2019-9512",
"identifiers": [
"GHSA-hgr8-6h9x-f7q9",
"CVE-2019-9512"
],
"not_impacted": "All versions starting from 0.0.0-20190813141303-74dc4d7220e7",
"package_slug": "go/golang.org/x/net/http",
"pubdate": "2022-05-24",
"solution": "Upgrade to version 0.0.0-20190813141303-74dc4d7220e7 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-9512",
"https://access.redhat.com/errata/RHSA-2019:2594",
"https://access.redhat.com/errata/RHSA-2019:2661",
"https://access.redhat.com/errata/RHSA-2019:2682",
"https://access.redhat.com/errata/RHSA-2019:2690",
"https://access.redhat.com/errata/RHSA-2019:2726",
"https://access.redhat.com/errata/RHSA-2019:2766",
"https://access.redhat.com/errata/RHSA-2019:2769",
"https://access.redhat.com/errata/RHSA-2019:2796",
"https://access.redhat.com/errata/RHSA-2019:2861",
"https://access.redhat.com/errata/RHSA-2019:2925",
"https://access.redhat.com/errata/RHSA-2019:2939",
"https://access.redhat.com/errata/RHSA-2019:2955",
"https://access.redhat.com/errata/RHSA-2019:2966",
"https://access.redhat.com/errata/RHSA-2019:3131",
"https://access.redhat.com/errata/RHSA-2019:3245",
"https://access.redhat.com/errata/RHSA-2019:3265",
"https://access.redhat.com/errata/RHSA-2019:3892",
"https://access.redhat.com/errata/RHSA-2019:3906",
"https://access.redhat.com/errata/RHSA-2019:4018",
"https://access.redhat.com/errata/RHSA-2019:4019",
"https://access.redhat.com/errata/RHSA-2019:4020",
"https://access.redhat.com/errata/RHSA-2019:4021",
"https://access.redhat.com/errata/RHSA-2019:4040",
"https://access.redhat.com/errata/RHSA-2019:4041",
"https://access.redhat.com/errata/RHSA-2019:4042",
"https://access.redhat.com/errata/RHSA-2019:4045",
"https://access.redhat.com/errata/RHSA-2019:4269",
"https://access.redhat.com/errata/RHSA-2019:4273",
"https://access.redhat.com/errata/RHSA-2019:4352",
"https://access.redhat.com/errata/RHSA-2020:0406",
"https://access.redhat.com/errata/RHSA-2020:0727",
"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"https://kb.cert.org/vuls/id/605641/",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E",
"https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E",
"https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/",
"https://seclists.org/bugtraq/2019/Aug/24",
"https://seclists.org/bugtraq/2019/Aug/31",
"https://seclists.org/bugtraq/2019/Aug/43",
"https://seclists.org/bugtraq/2019/Sep/18",
"https://security.netapp.com/advisory/ntap-20190823-0001/",
"https://security.netapp.com/advisory/ntap-20190823-0004/",
"https://security.netapp.com/advisory/ntap-20190823-0005/",
"https://support.f5.com/csp/article/K98053339",
"https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://usn.ubuntu.com/4308-1/",
"https://www.debian.org/security/2019/dsa-4503",
"https://www.debian.org/security/2019/dsa-4508",
"https://www.debian.org/security/2019/dsa-4520",
"https://www.synology.com/security/advisory/Synology_SA_19_33",
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html",
"http://seclists.org/fulldisclosure/2019/Aug/16",
"http://www.openwall.com/lists/oss-security/2019/08/20/1",
"https://go.dev/cl/190137",
"https://go.dev/issue/33606",
"https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5",
"https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ",
"https://pkg.go.dev/vuln/GO-2022-0536",
"https://github.com/advisories/GHSA-hgr8-6h9x-f7q9"
],
"uuid": "e5a34ef1-1ce7-4b58-8089-7852a72e7910"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.4.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "14.04",
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "10.12",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.6",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.8.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.12.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.8.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.16.3",
"versionStartIncluding": "10.13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.16.1",
"versionStartIncluding": "8.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9512"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#605641",
"refsource": "CERT-VN",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"name": "[trafficserver-announce] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-users] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E"
},
{
"name": "[trafficserver-dev] 20190813 Apache Traffic Server is vulnerable to various HTTP/2 attacks",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E"
},
{
"name": "20190814 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/24"
},
{
"name": "20190816 APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/16"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_19_33",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_33"
},
{
"name": "20190819 [SECURITY] [DSA 4503-1] golang-1.11 security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/31"
},
{
"name": "DSA-4503",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4503"
},
{
"name": "https://support.f5.com/csp/article/K98053339",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339"
},
{
"name": "[oss-security] 20190819 [ANNOUNCE] Security release of Kubernetes v1.15.3, v1.14.6, v1.13.10 - CVE-2019-9512 and CVE-2019-9514",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/20/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0004/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0005/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190823-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190823-0001/"
},
{
"name": "openSUSE-SU-2019:2000",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html"
},
{
"name": "FEDORA-2019-5a6a7bc12c",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/"
},
{
"name": "FEDORA-2019-6a2980de56",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/"
},
{
"name": "20190825 [SECURITY] [DSA 4508-1] h2o security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/43"
},
{
"name": "DSA-4508",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4508"
},
{
"name": "openSUSE-SU-2019:2056",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html"
},
{
"name": "openSUSE-SU-2019:2072",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html"
},
{
"name": "FEDORA-2019-65db7ad6c7",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/"
},
{
"name": "FEDORA-2019-55d101a740",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/"
},
{
"name": "openSUSE-SU-2019:2085",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html"
},
{
"name": "RHSA-2019:2682",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2682"
},
{
"name": "DSA-4520",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"name": "RHSA-2019:2726",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2726"
},
{
"name": "20190910 [SECURITY] [DSA 4520-1] trafficserver security update",
"refsource": "BUGTRAQ",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Sep/18"
},
{
"name": "RHSA-2019:2594",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2594"
},
{
"name": "openSUSE-SU-2019:2114",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"name": "openSUSE-SU-2019:2115",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"name": "RHSA-2019:2661",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2661"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10296"
},
{
"name": "RHSA-2019:2690",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "RHSA-2019:2766",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2766"
},
{
"name": "openSUSE-SU-2019:2130",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html"
},
{
"name": "RHSA-2019:2796",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2796"
},
{
"name": "RHSA-2019:2861",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2861"
},
{
"name": "RHSA-2019:2925",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2925"
},
{
"name": "RHSA-2019:2939",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2939"
},
{
"name": "RHSA-2019:2955",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2955"
},
{
"name": "RHSA-2019:2966",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2966"
},
{
"name": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3131",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3131"
},
{
"name": "RHSA-2019:2769",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"name": "RHSA-2019:3245",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3245"
},
{
"name": "RHSA-2019:3265",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3265"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "RHSA-2019:3906",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3906"
},
{
"name": "RHSA-2019:4018",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4018"
},
{
"name": "RHSA-2019:4020",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4020"
},
{
"name": "RHSA-2019:4019",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4019"
},
{
"name": "RHSA-2019:4021",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4021"
},
{
"name": "RHSA-2019:4040",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4040"
},
{
"name": "RHSA-2019:4042",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4042"
},
{
"name": "RHSA-2019:4041",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4041"
},
{
"name": "RHSA-2019:4045",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4045"
},
{
"name": "RHSA-2019:4269",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4269"
},
{
"name": "RHSA-2019:4273",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4273"
},
{
"name": "RHSA-2019:4352",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4352"
},
{
"name": "RHSA-2020:0406",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0406"
},
{
"name": "RHSA-2020:0727",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0727"
},
{
"name": "USN-4308-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4308-1/"
},
{
"name": "[debian-lts-announce] 20201208 [SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-08-12T18:41Z",
"publishedDate": "2019-08-13T21:15Z"
}
}
}
OPENSUSE-SU-2019:2000-1
Vulnerability from csaf_opensuse - Published: 2019-08-24 12:18 - Updated: 2019-08-24 12:18Summary
Security update for go1.12
Severity
Important
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111)
- CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service. (bsc#1146115)
- CVE-2019-14809: Fixed authorization bypass due to malformed hosts in URLs. (bsc#1146123)
Patchnames: openSUSE-2019-2000
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111)\n- CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service. (bsc#1146115)\n- CVE-2019-14809: Fixed authorization bypass due to malformed hosts in URLs. (bsc#1146123)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2000",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2000-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2000-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQV7XTKIELHQ3WYN6US2FNRX7SHXE46J/#XQV7XTKIELHQ3WYN6US2FNRX7SHXE46J"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2000-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XQV7XTKIELHQ3WYN6US2FNRX7SHXE46J/#XQV7XTKIELHQ3WYN6US2FNRX7SHXE46J"
},
{
"category": "self",
"summary": "SUSE Bug 1139210",
"url": "https://bugzilla.suse.com/1139210"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1146111",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "self",
"summary": "SUSE Bug 1146115",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "self",
"summary": "SUSE Bug 1146123",
"url": "https://bugzilla.suse.com/1146123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-08-24T12:18:42Z",
"generator": {
"date": "2019-08-24T12:18:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2000-1",
"initial_release_date": "2019-08-24T12:18:42Z",
"revision_history": [
{
"date": "2019-08-24T12:18:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.9-lp151.2.9.1.x86_64",
"product": {
"name": "go1.12-1.12.9-lp151.2.9.1.x86_64",
"product_id": "go1.12-1.12.9-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"product_id": "go1.12-doc-1.12.9-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.9-lp151.2.9.1.x86_64",
"product": {
"name": "go1.12-race-1.12.9-lp151.2.9.1.x86_64",
"product_id": "go1.12-race-1.12.9-lp151.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.9-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64"
},
"product_reference": "go1.12-1.12.9-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.9-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.9-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
},
"product_reference": "go1.12-race-1.12.9-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-24T12:18:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-24T12:18:42Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-24T12:18:42Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
OPENSUSE-SU-2019:2056-1
Vulnerability from csaf_opensuse - Published: 2019-09-02 12:21 - Updated: 2019-09-02 12:21Summary
Security update for go1.12
Severity
Moderate
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2056
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).\n- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).\n\nBugfixes:\n\n- Update to go version 1.12.9 (bsc#1141689).\n- Adding Web Assembly stuff from misc/wasm (bsc#1139210).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2056",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2056-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2056-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LE2FKAGHX7TQTQPVJRI4PFRX7OYCDOCT/#LE2FKAGHX7TQTQPVJRI4PFRX7OYCDOCT"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2056-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LE2FKAGHX7TQTQPVJRI4PFRX7OYCDOCT/#LE2FKAGHX7TQTQPVJRI4PFRX7OYCDOCT"
},
{
"category": "self",
"summary": "SUSE Bug 1139210",
"url": "https://bugzilla.suse.com/1139210"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1146111",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "self",
"summary": "SUSE Bug 1146115",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "self",
"summary": "SUSE Bug 1146123",
"url": "https://bugzilla.suse.com/1146123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-09-02T12:21:15Z",
"generator": {
"date": "2019-09-02T12:21:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2056-1",
"initial_release_date": "2019-09-02T12:21:15Z",
"revision_history": [
{
"date": "2019-09-02T12:21:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.9-lp151.2.13.1.x86_64",
"product": {
"name": "go1.12-1.12.9-lp151.2.13.1.x86_64",
"product_id": "go1.12-1.12.9-lp151.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"product_id": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"product": {
"name": "go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"product_id": "go1.12-race-1.12.9-lp151.2.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.9-lp151.2.13.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
},
"product_reference": "go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T12:21:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T12:21:15Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.13.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T12:21:15Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
OPENSUSE-SU-2019:2072-1
Vulnerability from csaf_opensuse - Published: 2019-09-05 08:24 - Updated: 2019-09-05 08:24Summary
Security update for go1.11
Severity
Moderate
Notes
Title of the patch: Security update for go1.11
Description of the patch: This update for go1.11 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.11.13 (bsc#1141688).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2072
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.11 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).\n- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).\n\nBugfixes:\n\n- Update to go version 1.11.13 (bsc#1141688).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2072",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2072-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2072-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BI24YEOJ5PH7KNJKSQBX7VWR2MF4QCUT/#BI24YEOJ5PH7KNJKSQBX7VWR2MF4QCUT"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2072-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BI24YEOJ5PH7KNJKSQBX7VWR2MF4QCUT/#BI24YEOJ5PH7KNJKSQBX7VWR2MF4QCUT"
},
{
"category": "self",
"summary": "SUSE Bug 1141688",
"url": "https://bugzilla.suse.com/1141688"
},
{
"category": "self",
"summary": "SUSE Bug 1146111",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "self",
"summary": "SUSE Bug 1146115",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "self",
"summary": "SUSE Bug 1146123",
"url": "https://bugzilla.suse.com/1146123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "Security update for go1.11",
"tracking": {
"current_release_date": "2019-09-05T08:24:15Z",
"generator": {
"date": "2019-09-05T08:24:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2072-1",
"initial_release_date": "2019-09-05T08:24:15Z",
"revision_history": [
{
"date": "2019-09-05T08:24:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.11-1.11.13-lp151.2.9.1.x86_64",
"product": {
"name": "go1.11-1.11.13-lp151.2.9.1.x86_64",
"product_id": "go1.11-1.11.13-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"product_id": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"product": {
"name": "go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"product_id": "go1.11-race-1.11.13-lp151.2.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
},
"product_reference": "go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:24:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:24:15Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.13-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.13-lp151.2.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-05T08:24:15Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
OPENSUSE-SU-2019:2085-1
Vulnerability from csaf_opensuse - Published: 2019-09-07 14:22 - Updated: 2019-09-07 14:22Summary
Security update for go1.12
Severity
Moderate
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2085
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).\n- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).\n\nBugfixes:\n\n- Update to go version 1.12.9 (bsc#1141689).\n- Adding Web Assembly stuff from misc/wasm (bsc#1139210).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2085",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2085-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2085-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CFMNCQ6JJUWWGAM7EXLET5I2K3DIJU5W/#CFMNCQ6JJUWWGAM7EXLET5I2K3DIJU5W"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2085-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CFMNCQ6JJUWWGAM7EXLET5I2K3DIJU5W/#CFMNCQ6JJUWWGAM7EXLET5I2K3DIJU5W"
},
{
"category": "self",
"summary": "SUSE Bug 1139210",
"url": "https://bugzilla.suse.com/1139210"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1146111",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "self",
"summary": "SUSE Bug 1146115",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "self",
"summary": "SUSE Bug 1146123",
"url": "https://bugzilla.suse.com/1146123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-09-07T14:22:30Z",
"generator": {
"date": "2019-09-07T14:22:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2085-1",
"initial_release_date": "2019-09-07T14:22:30Z",
"revision_history": [
{
"date": "2019-09-07T14:22:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.9-lp151.2.17.1.x86_64",
"product": {
"name": "go1.12-1.12.9-lp151.2.17.1.x86_64",
"product_id": "go1.12-1.12.9-lp151.2.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"product_id": "go1.12-doc-1.12.9-lp151.2.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.9-lp151.2.17.1.x86_64",
"product": {
"name": "go1.12-race-1.12.9-lp151.2.17.1.x86_64",
"product_id": "go1.12-race-1.12.9-lp151.2.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.9-lp151.2.17.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64"
},
"product_reference": "go1.12-1.12.9-lp151.2.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.9-lp151.2.17.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.9-lp151.2.17.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
},
"product_reference": "go1.12-race-1.12.9-lp151.2.17.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-07T14:22:30Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-07T14:22:30Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.17.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-07T14:22:30Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
OPENSUSE-SU-2019:2114-1
Vulnerability from csaf_opensuse - Published: 2019-09-10 16:22 - Updated: 2019-09-10 16:22Summary
Security update for nodejs10
Severity
Important
Notes
Title of the patch: Security update for nodejs10
Description of the patch: This update for nodejs10 to version 10.16.3 fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2114
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
57 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs10 to version 10.16.3 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2114",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2114-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2114-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R3H4KAW53AW5JRYOIFARBV2NZCYA2XCC/#R3H4KAW53AW5JRYOIFARBV2NZCYA2XCC"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2114-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/R3H4KAW53AW5JRYOIFARBV2NZCYA2XCC/#R3H4KAW53AW5JRYOIFARBV2NZCYA2XCC"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
}
],
"title": "Security update for nodejs10",
"tracking": {
"current_release_date": "2019-09-10T16:22:24Z",
"generator": {
"date": "2019-09-10T16:22:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2114-1",
"initial_release_date": "2019-09-10T16:22:24Z",
"revision_history": [
{
"date": "2019-09-10T16:22:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-lp151.2.6.1.i586",
"product": {
"name": "nodejs10-10.16.3-lp151.2.6.1.i586",
"product_id": "nodejs10-10.16.3-lp151.2.6.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"product": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"product_id": "nodejs10-devel-10.16.3-lp151.2.6.1.i586"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-lp151.2.6.1.i586",
"product": {
"name": "npm10-10.16.3-lp151.2.6.1.i586",
"product_id": "npm10-10.16.3-lp151.2.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"product": {
"name": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"product_id": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs10-10.16.3-lp151.2.6.1.x86_64",
"product": {
"name": "nodejs10-10.16.3-lp151.2.6.1.x86_64",
"product_id": "nodejs10-10.16.3-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"product": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"product_id": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm10-10.16.3-lp151.2.6.1.x86_64",
"product": {
"name": "npm10-10.16.3-lp151.2.6.1.x86_64",
"product_id": "npm10-10.16.3-lp151.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "nodejs10-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs10-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch"
},
"product_reference": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "npm10-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "npm10-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "nodejs10-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs10-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch"
},
"product_reference": "nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586"
},
"product_reference": "npm10-10.16.3-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm10-10.16.3-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
},
"product_reference": "npm10-10.16.3-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs10-devel-10.16.3-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs10-docs-10.16.3-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm10-10.16.3-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:24Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
OPENSUSE-SU-2019:2115-1
Vulnerability from csaf_opensuse - Published: 2019-09-10 16:22 - Updated: 2019-09-10 16:22Summary
Security update for nodejs8
Severity
Important
Notes
Title of the patch: Security update for nodejs8
Description of the patch: This update for nodejs8 to version 8.16.1 fixes the following issues:
Security issues fixed:
- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
Bug fixes:
- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2115
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs8",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs8 to version 8.16.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).\n- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).\n- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).\n- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).\n- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).\n- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).\n\nBug fixes:\n\n- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2115",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2115-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2115-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TLFKC75QWUPCRCPS6I4CH5LO7W5G2JQK/#TLFKC75QWUPCRCPS6I4CH5LO7W5G2JQK"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2115-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TLFKC75QWUPCRCPS6I4CH5LO7W5G2JQK/#TLFKC75QWUPCRCPS6I4CH5LO7W5G2JQK"
},
{
"category": "self",
"summary": "SUSE Bug 1144919",
"url": "https://bugzilla.suse.com/1144919"
},
{
"category": "self",
"summary": "SUSE Bug 1146090",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "self",
"summary": "SUSE Bug 1146091",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "self",
"summary": "SUSE Bug 1146093",
"url": "https://bugzilla.suse.com/1146093"
},
{
"category": "self",
"summary": "SUSE Bug 1146094",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "self",
"summary": "SUSE Bug 1146095",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "self",
"summary": "SUSE Bug 1146097",
"url": "https://bugzilla.suse.com/1146097"
},
{
"category": "self",
"summary": "SUSE Bug 1146099",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "self",
"summary": "SUSE Bug 1146100",
"url": "https://bugzilla.suse.com/1146100"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9511 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9511/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9513 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9513/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9515 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9516 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9517 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9518 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9518/"
}
],
"title": "Security update for nodejs8",
"tracking": {
"current_release_date": "2019-09-10T16:22:52Z",
"generator": {
"date": "2019-09-10T16:22:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2115-1",
"initial_release_date": "2019-09-10T16:22:52Z",
"revision_history": [
{
"date": "2019-09-10T16:22:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-lp151.2.6.1.i586",
"product": {
"name": "nodejs8-8.16.1-lp151.2.6.1.i586",
"product_id": "nodejs8-8.16.1-lp151.2.6.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"product": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"product_id": "nodejs8-devel-8.16.1-lp151.2.6.1.i586"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-lp151.2.6.1.i586",
"product": {
"name": "npm8-8.16.1-lp151.2.6.1.i586",
"product_id": "npm8-8.16.1-lp151.2.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"product": {
"name": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"product_id": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs8-8.16.1-lp151.2.6.1.x86_64",
"product": {
"name": "nodejs8-8.16.1-lp151.2.6.1.x86_64",
"product_id": "nodejs8-8.16.1-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"product": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"product_id": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm8-8.16.1-lp151.2.6.1.x86_64",
"product": {
"name": "npm8-8.16.1-lp151.2.6.1.x86_64",
"product_id": "npm8-8.16.1-lp151.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "nodejs8-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs8-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch"
},
"product_reference": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "npm8-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "npm8-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "nodejs8-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs8-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch"
},
"product_reference": "nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-lp151.2.6.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586"
},
"product_reference": "npm8-8.16.1-lp151.2.6.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm8-8.16.1-lp151.2.6.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
},
"product_reference": "npm8-8.16.1-lp151.2.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-9511",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9511"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9511",
"url": "https://www.suse.com/security/cve/CVE-2019-9511"
},
{
"category": "external",
"summary": "SUSE Bug 1145579 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1145579"
},
{
"category": "external",
"summary": "SUSE Bug 1146091 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146091"
},
{
"category": "external",
"summary": "SUSE Bug 1146182 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1146182"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9511",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "low"
}
],
"title": "CVE-2019-9511"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9513",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9513"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9513",
"url": "https://www.suse.com/security/cve/CVE-2019-9513"
},
{
"category": "external",
"summary": "SUSE Bug 1145580 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1145580"
},
{
"category": "external",
"summary": "SUSE Bug 1146094 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146094"
},
{
"category": "external",
"summary": "SUSE Bug 1146184 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1146184"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1193427"
},
{
"category": "external",
"summary": "SUSE Bug 1202787 for CVE-2019-9513",
"url": "https://bugzilla.suse.com/1202787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "low"
}
],
"title": "CVE-2019-9513"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9515"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9515",
"url": "https://www.suse.com/security/cve/CVE-2019-9515"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146100 for CVE-2019-9515",
"url": "https://bugzilla.suse.com/1146100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "important"
}
],
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9516"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9516",
"url": "https://www.suse.com/security/cve/CVE-2019-9516"
},
{
"category": "external",
"summary": "SUSE Bug 1145582 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1145582"
},
{
"category": "external",
"summary": "SUSE Bug 1146090 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1146090"
},
{
"category": "external",
"summary": "SUSE Bug 1193427 for CVE-2019-9516",
"url": "https://bugzilla.suse.com/1193427"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "low"
}
],
"title": "CVE-2019-9516"
},
{
"cve": "CVE-2019-9517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9517"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9517",
"url": "https://www.suse.com/security/cve/CVE-2019-9517"
},
{
"category": "external",
"summary": "SUSE Bug 1145575 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1145575"
},
{
"category": "external",
"summary": "SUSE Bug 1146097 for CVE-2019-9517",
"url": "https://bugzilla.suse.com/1146097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "moderate"
}
],
"title": "CVE-2019-9517"
},
{
"cve": "CVE-2019-9518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9518"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9518",
"url": "https://www.suse.com/security/cve/CVE-2019-9518"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146093 for CVE-2019-9518",
"url": "https://bugzilla.suse.com/1146093"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.0:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.0:npm8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:nodejs8-devel-8.16.1-lp151.2.6.1.x86_64",
"openSUSE Leap 15.1:nodejs8-docs-8.16.1-lp151.2.6.1.noarch",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.i586",
"openSUSE Leap 15.1:npm8-8.16.1-lp151.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-10T16:22:52Z",
"details": "important"
}
],
"title": "CVE-2019-9518"
}
]
}
OPENSUSE-SU-2019:2130-1
Vulnerability from csaf_opensuse - Published: 2019-09-14 12:16 - Updated: 2019-09-14 12:16Summary
Security update for go1.12
Severity
Moderate
Notes
Title of the patch: Security update for go1.12
Description of the patch: This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-2130
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.12",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.12 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).\n- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).\n- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).\n\nBugfixes:\n\n- Update to go version 1.12.9 (bsc#1141689).\n- Adding Web Assembly stuff from misc/wasm (bsc#1139210).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2130",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2130-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2130-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/STTKQXKGK7AYG47JA3WXKGWSW6TYWICU/#STTKQXKGK7AYG47JA3WXKGWSW6TYWICU"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2130-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/STTKQXKGK7AYG47JA3WXKGWSW6TYWICU/#STTKQXKGK7AYG47JA3WXKGWSW6TYWICU"
},
{
"category": "self",
"summary": "SUSE Bug 1139210",
"url": "https://bugzilla.suse.com/1139210"
},
{
"category": "self",
"summary": "SUSE Bug 1141689",
"url": "https://bugzilla.suse.com/1141689"
},
{
"category": "self",
"summary": "SUSE Bug 1146111",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "self",
"summary": "SUSE Bug 1146115",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "self",
"summary": "SUSE Bug 1146123",
"url": "https://bugzilla.suse.com/1146123"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "Security update for go1.12",
"tracking": {
"current_release_date": "2019-09-14T12:16:57Z",
"generator": {
"date": "2019-09-14T12:16:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2130-1",
"initial_release_date": "2019-09-14T12:16:57Z",
"revision_history": [
{
"date": "2019-09-14T12:16:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.9-lp151.2.21.1.x86_64",
"product": {
"name": "go1.12-1.12.9-lp151.2.21.1.x86_64",
"product_id": "go1.12-1.12.9-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"product_id": "go1.12-doc-1.12.9-lp151.2.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.9-lp151.2.21.1.x86_64",
"product": {
"name": "go1.12-race-1.12.9-lp151.2.21.1.x86_64",
"product_id": "go1.12-race-1.12.9-lp151.2.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.9-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64"
},
"product_reference": "go1.12-1.12.9-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.9-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.9-lp151.2.21.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
},
"product_reference": "go1.12-race-1.12.9-lp151.2.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-14T12:16:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-14T12:16:57Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:go1.12-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.9-lp151.2.21.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.9-lp151.2.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-14T12:16:57Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…