CVE-2019-9511 -- nghttp2, nginxID: oval:org.secpod.oval:def:1902570 | Date: (C)2019-08-30 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
The client can request a large amount of data from a specified resource over multiple streams. It can manipulate window sizes and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a Denial-of-Service. Also knows as "HTTP/2 Data Dribble".
Platform: |
Ubuntu 16.04 |
Ubuntu 19.04 |
Ubuntu 18.04 |