VDB
ALPINE-CVE-2019-9512
ALPINE-CVE-2019-9512
PUBLISHED
CVSS 7.5 HIGH
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.13 | nodejs | 0, 6.11.3-r0, 6.11.2-r0 |
| Alpine:v3.9 | nodejs | 10.14.2-r0, 0, 8.9.4-r0 |
| Alpine:v3.19 | nodejs | 10.16.0-r0, 10.15.3-r0, 10.15.1-r0 |
| Alpine:v3.10 | nodejs | 6.11.2-r0, 6.11.4-r0, 6.11.5-r0 |
| Alpine:v3.15 | nodejs | 6.9.4-r1, 8.10.0-r0, 8.9.3-r0 |
| Alpine:v3.20 | nodejs | 10.16.2-r0, 0, 10.14.0-r0 |
| Alpine:v3.18 | nodejs | 8.11.4-r0, 8.12.0-r0, 8.9.0-r0 |
| Alpine:v3.14 | nodejs | 10.13.0-r0, 10.14.1-r0, 10.14.2-r0 |
| Alpine:v3.11 | nodejs | 8.9.3-r0, 0, 8.9.4-r0 |
| Alpine:v3.21 | nodejs | 0, 0, 0 |
| Alpine:v3.16 | nodejs | 4.4.4-r0, 0, 10.13.0-r0 |
| Alpine:v3.23 | nodejs | 0, 0, 0 |
| Alpine:v3.17 | nodejs | 6.11.1-r2, 0, 10.13.0-r0 |
| Alpine:v3.22 | nodejs | 0, 0, 0 |
| Alpine:v3.12 | nodejs | 8.11.4-r0, 10.16.1-r0, 0 |
| Alpine:v3.24 | nodejs | 0 |
Exploit Intelligence
- cli.rs (github-poc)
- sec-build.yaml (github-poc)
Timeline
- Aug 13, 2019 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 9, 2026 CVE Updated