HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption - CVE-2019-9513ID: oval:org.secpod.oval:def:58204 | Date: (C)2019-10-10 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Platform: |
Red Hat Enterprise Linux 8 |