Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-9514

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-13 Aug, 2019 | 00:00
Updated At-04 Aug, 2024 | 21:54
Rejected At-
Credits

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:13 Aug, 2019 | 00:00
Updated At:04 Aug, 2024 | 21:54
Rejected At:
▼CVE Numbering Authority (CNA)
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Thanks to Jonathan Looney of Netflix for reporting this vulnerability.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.cert.org/vuls/id/605641/
third-party-advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
N/A
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
mailing-list
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
mailing-list
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
mailing-list
https://seclists.org/bugtraq/2019/Aug/24
mailing-list
http://seclists.org/fulldisclosure/2019/Aug/16
mailing-list
https://www.synology.com/security/advisory/Synology_SA_19_33
N/A
https://seclists.org/bugtraq/2019/Aug/31
mailing-list
https://www.debian.org/security/2019/dsa-4503
vendor-advisory
https://support.f5.com/csp/article/K01988340
N/A
http://www.openwall.com/lists/oss-security/2019/08/20/1
mailing-list
https://security.netapp.com/advisory/ntap-20190823-0001/
N/A
https://security.netapp.com/advisory/ntap-20190823-0004/
N/A
https://security.netapp.com/advisory/ntap-20190823-0005/
N/A
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
vendor-advisory
https://seclists.org/bugtraq/2019/Aug/43
mailing-list
https://www.debian.org/security/2019/dsa-4508
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2682
vendor-advisory
https://www.debian.org/security/2019/dsa-4520
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2726
vendor-advisory
https://seclists.org/bugtraq/2019/Sep/18
mailing-list
https://access.redhat.com/errata/RHSA-2019:2594
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2661
vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
N/A
https://access.redhat.com/errata/RHSA-2019:2690
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2766
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2796
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2861
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2925
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2939
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2955
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2966
vendor-advisory
https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
N/A
https://access.redhat.com/errata/RHSA-2019:3131
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:2769
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3245
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3265
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3892
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3906
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4018
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4019
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4021
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4020
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4045
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4042
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4040
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4041
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4269
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4273
vendor-advisory
https://access.redhat.com/errata/RHSA-2019:4352
vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0406
vendor-advisory
https://access.redhat.com/errata/RHSA-2020:0727
vendor-advisory
https://usn.ubuntu.com/4308-1/
vendor-advisory
https://www.debian.org/security/2020/dsa-4669
vendor-advisory
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/8
mailing-list
Hyperlink: https://kb.cert.org/vuls/id/605641/
Resource:
third-party-advisory
Hyperlink: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
Resource:
mailing-list
Hyperlink: https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
Resource:
mailing-list
Hyperlink: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
Resource:
mailing-list
Hyperlink: https://seclists.org/bugtraq/2019/Aug/24
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2019/Aug/16
Resource:
mailing-list
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_33
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Aug/31
Resource:
mailing-list
Hyperlink: https://www.debian.org/security/2019/dsa-4503
Resource:
vendor-advisory
Hyperlink: https://support.f5.com/csp/article/K01988340
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2019/08/20/1
Resource:
mailing-list
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0001/
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0004/
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0005/
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Resource:
vendor-advisory
Hyperlink: https://seclists.org/bugtraq/2019/Aug/43
Resource:
mailing-list
Hyperlink: https://www.debian.org/security/2019/dsa-4508
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2682
Resource:
vendor-advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4520
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2726
Resource:
vendor-advisory
Hyperlink: https://seclists.org/bugtraq/2019/Sep/18
Resource:
mailing-list
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2594
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2661
Resource:
vendor-advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2690
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2766
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2796
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2861
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2925
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2939
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2955
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2966
Resource:
vendor-advisory
Hyperlink: https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3131
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2769
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3245
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3265
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3906
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4018
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4019
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4021
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4020
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4045
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4042
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4040
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4041
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4269
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4273
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0406
Resource:
vendor-advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Resource:
vendor-advisory
Hyperlink: https://usn.ubuntu.com/4308-1/
Resource:
vendor-advisory
Hyperlink: https://www.debian.org/security/2020/dsa-4669
Resource:
vendor-advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
Resource:
mailing-list
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/18/8
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://kb.cert.org/vuls/id/605641/
third-party-advisory
x_transferred
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
x_transferred
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
mailing-list
x_transferred
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
mailing-list
x_transferred
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
mailing-list
x_transferred
https://seclists.org/bugtraq/2019/Aug/24
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2019/Aug/16
mailing-list
x_transferred
https://www.synology.com/security/advisory/Synology_SA_19_33
x_transferred
https://seclists.org/bugtraq/2019/Aug/31
mailing-list
x_transferred
https://www.debian.org/security/2019/dsa-4503
vendor-advisory
x_transferred
https://support.f5.com/csp/article/K01988340
x_transferred
http://www.openwall.com/lists/oss-security/2019/08/20/1
mailing-list
x_transferred
https://security.netapp.com/advisory/ntap-20190823-0001/
x_transferred
https://security.netapp.com/advisory/ntap-20190823-0004/
x_transferred
https://security.netapp.com/advisory/ntap-20190823-0005/
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
vendor-advisory
x_transferred
https://seclists.org/bugtraq/2019/Aug/43
mailing-list
x_transferred
https://www.debian.org/security/2019/dsa-4508
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2682
vendor-advisory
x_transferred
https://www.debian.org/security/2019/dsa-4520
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2726
vendor-advisory
x_transferred
https://seclists.org/bugtraq/2019/Sep/18
mailing-list
x_transferred
https://access.redhat.com/errata/RHSA-2019:2594
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2661
vendor-advisory
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10296
x_transferred
https://access.redhat.com/errata/RHSA-2019:2690
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2766
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2796
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2861
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2925
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2939
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2955
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2966
vendor-advisory
x_transferred
https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
x_transferred
https://access.redhat.com/errata/RHSA-2019:3131
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:2769
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:3245
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:3265
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:3892
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:3906
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4018
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4019
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4021
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4020
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4045
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4042
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4040
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4041
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4269
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4273
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2019:4352
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2020:0406
vendor-advisory
x_transferred
https://access.redhat.com/errata/RHSA-2020:0727
vendor-advisory
x_transferred
https://usn.ubuntu.com/4308-1/
vendor-advisory
x_transferred
https://www.debian.org/security/2020/dsa-4669
vendor-advisory
x_transferred
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
mailing-list
x_transferred
http://www.openwall.com/lists/oss-security/2023/10/18/8
mailing-list
x_transferred
Hyperlink: https://kb.cert.org/vuls/id/605641/
Resource:
third-party-advisory
x_transferred
Hyperlink: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Resource:
x_transferred
Hyperlink: https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
Resource:
mailing-list
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Aug/24
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2019/Aug/16
Resource:
mailing-list
x_transferred
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_33
Resource:
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Aug/31
Resource:
mailing-list
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4503
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.f5.com/csp/article/K01988340
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2019/08/20/1
Resource:
mailing-list
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0001/
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0004/
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0005/
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Aug/43
Resource:
mailing-list
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4508
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2682
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4520
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2726
Resource:
vendor-advisory
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Sep/18
Resource:
mailing-list
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2594
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2661
Resource:
vendor-advisory
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Resource:
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2690
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2766
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2796
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2861
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2925
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2939
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2955
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2966
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
Resource:
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3131
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2769
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3245
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3265
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3906
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4018
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4019
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4021
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4020
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4045
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4042
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4040
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4041
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4269
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4273
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0406
Resource:
vendor-advisory
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Resource:
vendor-advisory
x_transferred
Hyperlink: https://usn.ubuntu.com/4308-1/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.debian.org/security/2020/dsa-4669
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
Resource:
mailing-list
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/18/8
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:13 Aug, 2019 | 21:15
Updated At:14 Jan, 2025 | 19:29

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches

Apple Inc.
apple
>>swiftnio>>Versions from 1.0.0(inclusive) to 1.4.0(inclusive)
cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>mac_os_x>>Versions from 10.12(inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>Versions from 14.04(inclusive)
cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>traffic_server>>Versions from 6.0.0(inclusive) to 6.2.3(inclusive)
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>traffic_server>>Versions from 7.0.0(inclusive) to 7.1.6(inclusive)
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>traffic_server>>Versions from 8.0.0(inclusive) to 8.0.3(inclusive)
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Synology, Inc.
synology
>>skynas>>-
cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*
Synology, Inc.
synology
>>diskstation_manager>>6.2
cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
Synology, Inc.
synology
>>vs960hd_firmware>>-
cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*
Synology, Inc.
synology
>>vs960hd>>-
cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>developer_tools>>1.0
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_core_services>>1.0
cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_application_platform>>7.2.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_application_platform>>7.3.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>3.9
cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>3.10
cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>3.11
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>4.1
cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>4.2
cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_service_mesh>>1.0
cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openstack>>14
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>quay>>3.0.0
cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>single_sign-on>>7.3
cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>software_collections>>1.0
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>8.1
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>graalvm>>19.2.0
cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*
McAfee, LLC
mcafee
>>web_gateway>>Versions from 7.7.2.0(inclusive) to 7.7.2.24(exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
McAfee, LLC
mcafee
>>web_gateway>>Versions from 7.8.2.0(inclusive) to 7.8.2.13(exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
McAfee, LLC
mcafee
>>web_gateway>>Versions from 8.1.0(inclusive) to 8.2.0(exclusive)
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>cloud_insights>>-
cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>trident>>-
cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 11.6.1(inclusive) to 11.6.5.1(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 12.1.0(inclusive) to 12.1.5.1(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 13.1.0(inclusive) to 13.1.3.2(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 14.0.0(inclusive) to 14.0.1.1(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 14.1.0(inclusive) to 14.1.2.1(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
F5, Inc.
f5
>>big-ip_local_traffic_manager>>Versions from 15.0.0(inclusive) to 15.0.1.1(exclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Secondarycret@cert.org
CWE-770Primarynvd@nist.gov
CWE ID: CWE-400
Type: Secondary
Source: cret@cert.org
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.htmlcret@cert.org
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.htmlcret@cert.org
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/16cret@cert.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/20/1cret@cert.org
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8cret@cert.org
N/A
https://access.redhat.com/errata/RHSA-2019:2594cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2661cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2682cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2690cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2726cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2766cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2769cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2796cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2861cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2966cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3131cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3245cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3265cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3892cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3906cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4018cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4019cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4020cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4021cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4040cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4041cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4042cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4045cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4269cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4273cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4352cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0406cret@cert.org
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0727cret@cert.org
Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdcret@cert.org
Third Party Advisory
https://kb.cert.org/vuls/id/605641/cret@cert.org
Third Party Advisory
US Government Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10296cret@cert.org
Third Party Advisory
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3Ecret@cert.org
N/A
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3Ecret@cert.org
N/A
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3Ecret@cert.org
N/A
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.htmlcret@cert.org
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/cret@cert.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/cret@cert.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/cret@cert.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/cret@cert.org
N/A
https://seclists.org/bugtraq/2019/Aug/24cret@cert.org
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/31cret@cert.org
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/43cret@cert.org
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/18cret@cert.org
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0001/cret@cert.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0004/cret@cert.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/cret@cert.org
Third Party Advisory
https://support.f5.com/csp/article/K01988340cret@cert.org
Third Party Advisory
https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSScret@cert.org
N/A
https://usn.ubuntu.com/4308-1/cret@cert.org
Third Party Advisory
https://www.debian.org/security/2019/dsa-4503cret@cert.org
Third Party Advisory
https://www.debian.org/security/2019/dsa-4508cret@cert.org
Third Party Advisory
https://www.debian.org/security/2019/dsa-4520cret@cert.org
Third Party Advisory
https://www.debian.org/security/2020/dsa-4669cret@cert.org
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33cret@cert.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Aug/16af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/08/20/1af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/18/8af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2019:2594af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2661af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2682af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2690af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2726af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2766af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2769af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2796af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2861af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2925af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2939af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2955af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2966af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3131af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3245af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3265af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3892af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3906af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4018af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4019af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4020af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4021af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4040af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4041af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4042af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4045af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4269af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4273af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4352af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0406af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0727af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.mdaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kb.cert.org/vuls/id/605641/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10296af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2020/12/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Aug/24af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/31af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/43af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/18af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0001/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0004/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190823-0005/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.f5.com/csp/article/K01988340af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSSaf854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/4308-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2019/dsa-4503af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2019/dsa-4508af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2019/dsa-4520af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2020/dsa-4669af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_33af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2019/Aug/16
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2019/08/20/1
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/18/8
Source: cret@cert.org
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2594
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2661
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2682
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2690
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2726
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2766
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2769
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2796
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2861
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2925
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2939
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2955
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2966
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3131
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3245
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3265
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3906
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4018
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4019
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4020
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4021
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4040
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4041
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4042
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4045
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4269
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4273
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0406
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://kb.cert.org/vuls/id/605641/
Source: cret@cert.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Source: cret@cert.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
Source: cret@cert.org
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Aug/24
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Aug/31
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Aug/43
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Sep/18
Source: cret@cert.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0001/
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0004/
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0005/
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K01988340
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
Source: cret@cert.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4308-1/
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4503
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4508
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4520
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2020/dsa-4669
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_33
Source: cret@cert.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2019/Aug/16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2019/08/20/1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2023/10/18/8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2594
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2661
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2682
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2690
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2726
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2766
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2769
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2796
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2861
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2925
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2939
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2955
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:2966
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3131
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3245
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3265
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3892
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:3906
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4018
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4019
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4020
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4021
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4040
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4041
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4042
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4269
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4273
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2019:4352
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0406
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2020:0727
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://kb.cert.org/vuls/id/605641/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10296
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Aug/24
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Aug/31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Aug/43
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://seclists.org/bugtraq/2019/Sep/18
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0004/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190823-0005/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K01988340
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/4308-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4503
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4508
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4520
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2020/dsa-4669
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_33
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

4931Records found

CVE-2022-21680
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.83% / 85.03%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 00:00
Updated-22 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cubic catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.

Action-Not Available
Vendor-marked_projectmarkedjsFedora Project
Product-markedfedoramarked
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-21716
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.51% / 87.89%
||
7 Day CHG-0.10%
Published-03 Mar, 2022 | 00:00
Updated-22 Apr, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in Twisted

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

Action-Not Available
Vendor-twistedtwistedFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kittwistedtwisted
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-15166
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-3.41% / 87.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 15:35
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in ZeroMQ

In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.

Action-Not Available
Vendor-zeromqzeromqDebian GNU/LinuxFedora Project
Product-debian_linuxfedoralibzmqlibzmq
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14384
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.36% / 68.54%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 13:17
Updated-04 Aug, 2024 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjbosswebJBossWeb
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-14326
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.22% / 65.33%
||
7 Day CHG+0.01%
Published-02 Jun, 2021 | 11:23
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-resteasyintegration_camel_koncommand_insightRESTEasy
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-12662
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.59%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 13:50
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Action-Not Available
Vendor-nlnetlabsn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraunboundleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-13114
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.30% / 81.38%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 15:50
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.

Action-Not Available
Vendor-libexif_projectn/aCanonical Ltd.openSUSE
Product-ubuntu_linuxlibexifleapn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-54472
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.20% / 64.78%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 09:05
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache bRPC: Redis Parser Remote Denial of Service

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit.

Action-Not Available
Vendor-The Apache Software Foundation
Product-brpcApache bRPC
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-11612
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.44% / 94.87%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 18:00
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Action-Not Available
Vendor-n/aThe Netty ProjectNetApp, Inc.Debian GNU/LinuxFedora ProjectOracle Corporation
Product-communications_cloud_native_core_service_communication_proxysiebel_core_-_server_frameworkdebian_linuxoncommand_api_servicescommunications_messaging_servernettynosql_databasecommunications_design_studiofedoraoncommand_workflow_automationcommunications_brm_-_elastic_charging_enginewebcenter_portaloncommand_insightn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-10758
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.24% / 80.89%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:05
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-single_sign-onopenshift_application_runtimeskeycloakKeycloak
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-53506
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.90% / 77.34%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 19:14
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: DoS via excessive h2 streams at connection start

Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other EOL versions may also be affected. Users are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-34396
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-5.47% / 91.86%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 07:50
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

Action-Not Available
Vendor-The Apache Software Foundation
Product-strutsApache Struts
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-6516
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.90%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 14:05
Updated-13 Feb, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specific recursive query patterns may lead to an out-of-memory condition

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.
Product-bindactive_iq_unified_managerBIND 9bind
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-11080
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-5.32% / 91.69%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 00:00
Updated-09 Jun, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Action-Not Available
Vendor-nghttp2nghttp2Oracle CorporationFedora ProjectDebian GNU/LinuxNode.js (OpenJS Foundation)openSUSE
Product-debian_linuxblockchain_platformgraalvmnghttp2fedorabanking_extensibility_workbenchenterprise_communications_brokermysqlnode.jsleapnghttp2
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-10995
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.37% / 90.19%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 16:04
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.

Action-Not Available
Vendor-powerdnsn/aDebian GNU/LinuxopenSUSEFedora Project
Product-debian_linuxfedorarecursorbackports_sleleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-10705
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.51%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 19:29
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-openshift_application_runtimesenterprise_linuxundertowjboss_enterprise_application_platformoncommand_insightUndertow
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2020-10772
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.33% / 67.87%
||
7 Day CHG~0.00%
Published-27 Nov, 2020 | 17:40
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.

Action-Not Available
Vendor-nlnetlabsn/aRed Hat, Inc.
Product-unboundenterprise_linuxunbound
CWE ID-CWE-406
Insufficient Control of Network Message Volume (Network Amplification)
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6667
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.36%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 21:51
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.5.1-11.6.5, under certain conditions, TMM may consume excessive resources when processing traffic for a Virtual Server with the FIX (Financial Information eXchange) profile applied.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6477
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-4.02% / 89.44%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:11
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TCP-pipelined queries can bypass tcp-clients limit

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

Action-Not Available
Vendor-Fedora ProjectInternet Systems Consortium, Inc.
Product-bindfedoraBIND9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6661
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 60.27%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:35
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerBIG-IP APM
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6975
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.40% / 91.79%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 13:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.

Action-Not Available
Vendor-n/aCanonical Ltd.DjangoFedora Project
Product-ubuntu_linuxdjangofedoran/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-24713
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-14.46% / 96.23%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 19:00
Updated-23 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression denial of service in Rust's regex crate

regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.

Action-Not Available
Vendor-rust-langrust-langFedora ProjectDebian GNU/Linux
Product-regexdebian_linuxfedoraregex
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-3171
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.85% / 54.10%
||
7 Day CHG~0.00%
Published-27 Dec, 2023 | 15:45
Updated-02 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eap-7: heap exhaustion via deserialization

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformenterprise_linuxRed Hat JBoss Enterprise Application Platform 7.4 on RHEL 7EAP 7.4.13Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-6683
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.36%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 17:01
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, BIG-IP virtual servers with Loose Initiation enabled on a FastL4 profile may be subject to excessive flow usage under undisclosed conditions.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP Virtual Edition
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-53050
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.38%
||
7 Day CHG+0.01%
Published-21 Oct, 2025 | 20:02
Updated-23 Oct, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsPeopleSoft Enterprise PeopleTools
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-6660
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.04% / 60.27%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 20:31
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_edge_gatewaybig-ip_webacceleratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-32067
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.73%
||
7 Day CHG~0.00%
Published-25 May, 2023 | 22:49
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
0-byte UDP payload DoS in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

Action-Not Available
Vendor-c-ares_projectc-aresc-aresDebian GNU/LinuxFedora Project
Product-debian_linuxc-aresfedorac-aresfedoradebian_linuxc-ares
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-5419
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-8.67% / 94.53%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 13:43
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

Action-Not Available
Vendor-Fedora ProjectDebian GNU/LinuxRuby on RailsopenSUSERed Hat, Inc.
Product-debian_linuxsoftware_collectionsfedoracloudformsrailsleaphttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-54365
Matching Score-10
Assigner-VulnCheck
ShareView Details
Matching Score-10
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 12:12
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Traefik - Denial of Service via HTTP/2 Request Handling

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

Action-Not Available
Vendor-traefikTraefikRed Hat, Inc.Go
Product-traefikopenshift_aigoTraefikRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Dev Spaces
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2019-5739
Matching Score-10
Assigner-Node.js
ShareView Details
Matching Score-10
Assigner-Node.js
CVSS Score-7.5||HIGH
EPSS-5.05% / 91.35%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 16:27
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

Action-Not Available
Vendor-openSUSENode.js (OpenJS Foundation)
Product-node.jsleapNode.js
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-8610
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-39.66% / 98.46%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Action-Not Available
Vendor-Palo Alto Networks, Inc.Fujitsu LimitedOracle CorporationOpenSSLRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-m10-1_firmwaresnapdriveservice_processorenterprise_linux_server_tusstoragegrid_webscaleretail_predictive_application_serverm12-2ssnapcenter_serveroncommand_unified_managerm10-1data_ontapweblogic_serveradaptive_access_manageroncommand_workflow_automationenterprise_linux_serverenterprise_linux_workstationjd_edwards_enterpriseone_toolspan-osm10-4opensslcommunications_analyticsjboss_enterprise_application_platformtimesten_in-memory_databasedebian_linuxenterprise_manager_ops_centerdata_ontap_edgeapplication_testing_suiteenterprise_linux_desktopm12-2s_firmwarem12-2m10-4s_firmwareenterprise_linux_server_eusoncommand_balancem10-4senterprise_linux_server_ausm12-2_firmwaregoldengate_application_adaptersclustered_data_ontap_antivirus_connectorstoragegridcommunications_ip_service_activatorm12-1_firmwarem10-4_firmwareontap_select_deploypeoplesoft_enterprise_peopletoolsclustered_data_ontaphost_agentcn1610_firmwarecore_rdbmsm12-1cn1610smi-s_providere-series_santricity_os_controllerenterprise_linuxOpenSSL
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-49763
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.63% / 46.27%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 10:07
Updated-01 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-44686
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.99% / 91.26%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 23:41
Updated-04 Nov, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

Action-Not Available
Vendor-calibre-ebookn/aFedora Project
Product-fedoracalibren/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-4183
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.52% / 87.92%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:05
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973.

Action-Not Available
Vendor-IBM CorporationNetApp, Inc.
Product-cognos_analyticsoncommand_insightCognos Analytics
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-2828
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-10
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-3.78% / 88.74%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 16:26
Updated-13 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
named's configured cache size limit can be significantly exceeded

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Action-Not Available
Vendor-NetApp, Inc.Internet Systems Consortium, Inc.Debian GNU/LinuxFedora Project
Product-debian_linuxh500sh410s_firmwarefedoraactive_iq_unified_managerh500s_firmwareh700s_firmwareh410c_firmwareh300s_firmwareh410sbindh410ch300sh700sBIND 9
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-43045
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.96% / 85.67%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 18:00
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible DOS vulnerabilities in C# Avro SDK

A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-avroApache Avro
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2011-3192
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-98.95% / 99.92%
||
7 Day CHG~0.00%
Published-29 Aug, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSESUSEThe Apache Software Foundation
Product-http_serverubuntu_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-25193
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 76.22%
||
7 Day CHG~0.00%
Published-04 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.

Action-Not Available
Vendor-harfbuzz_projectn/aFedora Project
Product-harfbuzzfedoran/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-24998
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-46.84% / 98.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2023 | 15:57
Updated-03 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxcommons_fileuploadApache TomcatApache Commons FileUpload
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-23552
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-1.54% / 72.21%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:56
Updated-25 Mar, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Advanced WAF and ASM vulnerability

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-23969
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-47.10% / 98.70%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.

Action-Not Available
Vendor-n/aDjangoDebian GNU/Linux
Product-djangodebian_linuxn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2016-7072
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-6.32% / 92.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 17:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.

Action-Not Available
Vendor-powerdnsOpen-Xchange AGDebian GNU/Linux
Product-debian_linuxauthoritativepdns
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-23524
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.60% / 44.99%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.

Action-Not Available
Vendor-Apple Inc.
Product-watchosiphone_osmacostvosipadosmacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-24580
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-62.58% / 99.10%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.

Action-Not Available
Vendor-n/aDjangoDebian GNU/Linux
Product-djangodebian_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-7426
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.47% / 95.77%
||
7 Day CHG~0.00%
Published-13 Jan, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

Action-Not Available
Vendor-ntpn/aCanonical Ltd.Red Hat, Inc.Hewlett Packard Enterprise (HPE)
Product-ubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopntpenterprise_linux_server_eushpux-ntpenterprise_linux_server_ausn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-22795
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-2.28% / 81.18%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-02 Aug, 2024 | 10:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRuby on RailsRuby
Product-debian_linuxrubyrailshttps://github.com/rails/rails
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-22323
Matching Score-10
Assigner-F5, Inc.
ShareView Details
Matching Score-10
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.58%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 17:53
Updated-26 Mar, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP SSL OCSP Authentication profile vulnerability

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_ssl_orchestratorbig-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerbig-ip_ddos_hybrid_defenderBIG-IP
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-48392
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.56% / 43.02%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 07:59
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache IoTDB: DoS Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-iotdbApache IoTDB
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-19343
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.56%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 20:23
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.
Product-jboss_enterprise_application_platformundertowactive_iq_unified_managerjboss-remotingUndertow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-21996
Matching Score-10
Assigner-Oracle
ShareView Details
Matching Score-10
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.84% / 53.81%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 19:54
Updated-13 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 98
  • 99
  • Next
Details not found