Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
CVE-2019-9516

6.5MEDIUM

Key Information:

Vendor
Apple
Status
Swiftnio
Vendor
CVE Published:
13 August 2019

Summary

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

References

https://kb.cert.org/vuls/id/605641/
third-party-advisoryx_refsource_CERT-VN
https://github.com/Netflix/security-bulletins/blob/master...
x_refsource_MISC
https://seclists.org/bugtraq/2019/Aug/24
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to Jonathan Looney of Netflix for reporting this vulnerability.
.