VDB
DEBIAN-CVE-2019-9513
DEBIAN-CVE-2019-9513
PUBLISHED
CVSS 7.5 HIGH
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | nginx | 0, 0, 0 |
| Debian:12 | nghttp2 | 0, 0, 0 |
| Debian:13 | nginx | 0, 0, 0 |
| Debian:13 | nghttp2 | 0, 0, 0 |
| Debian:14 | nodejs | 0, 0, 0 |
| Debian:11 | nginx | 0, 0, 0 |
| Debian:11 | nghttp2 | 0, 0, 0 |
| Debian:14 | nghttp2 | 0, 0, 0 |
| Debian:12 | nodejs | 0, 0, 0 |
| Debian:13 | nodejs | 0, 0, 0 |
| Debian:12 | nginx | 0, 0, 0 |
| Debian:11 | nodejs | 0, 0, 0 |
Timeline
- Aug 13, 2019 CVE Published
- Apr 28, 2026 CVE Updated