Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2019-9511: SUSE Linux Security Advisory

Back to Search

SUSE: CVE-2019-9511: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
08/13/2019
Created
09/13/2019
Added
09/11/2019
Modified
10/22/2021

Description

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Solution(s)

  • suse-upgrade-firefox-atk-lang
  • suse-upgrade-firefox-gdk-pixbuf-lang
  • suse-upgrade-firefox-gdk-pixbuf-query-loaders
  • suse-upgrade-firefox-gdk-pixbuf-thumbnailer
  • suse-upgrade-firefox-gio-branding-upstream
  • suse-upgrade-firefox-glib2-lang
  • suse-upgrade-firefox-glib2-tools
  • suse-upgrade-firefox-gtk3-branding-upstream
  • suse-upgrade-firefox-gtk3-data
  • suse-upgrade-firefox-gtk3-immodule-amharic
  • suse-upgrade-firefox-gtk3-immodule-inuktitut
  • suse-upgrade-firefox-gtk3-immodule-multipress
  • suse-upgrade-firefox-gtk3-immodule-thai
  • suse-upgrade-firefox-gtk3-immodule-vietnamese
  • suse-upgrade-firefox-gtk3-immodule-xim
  • suse-upgrade-firefox-gtk3-immodules-tigrigna
  • suse-upgrade-firefox-gtk3-lang
  • suse-upgrade-firefox-gtk3-tools
  • suse-upgrade-firefox-libatk-1_0-0
  • suse-upgrade-firefox-libcairo-gobject2
  • suse-upgrade-firefox-libcairo2
  • suse-upgrade-firefox-libffi4
  • suse-upgrade-firefox-libffi7
  • suse-upgrade-firefox-libgdk_pixbuf-2_0-0
  • suse-upgrade-firefox-libgtk-3-0
  • suse-upgrade-firefox-libharfbuzz0
  • suse-upgrade-firefox-libpango-1_0-0
  • suse-upgrade-libfirefox-gio-2_0-0
  • suse-upgrade-libfirefox-glib-2_0-0
  • suse-upgrade-libfirefox-gmodule-2_0-0
  • suse-upgrade-libfirefox-gobject-2_0-0
  • suse-upgrade-libfirefox-gthread-2_0-0
  • suse-upgrade-libfreebl3
  • suse-upgrade-libfreebl3-32bit
  • suse-upgrade-libnghttp2-14
  • suse-upgrade-libnghttp2-14-32bit
  • suse-upgrade-libnghttp2-devel
  • suse-upgrade-libnghttp2_asio-devel
  • suse-upgrade-libnghttp2_asio1
  • suse-upgrade-libnghttp2_asio1-32bit
  • suse-upgrade-libsoftokn3
  • suse-upgrade-libsoftokn3-32bit
  • suse-upgrade-mozilla-nspr
  • suse-upgrade-mozilla-nspr-32bit
  • suse-upgrade-mozilla-nspr-devel
  • suse-upgrade-mozilla-nss
  • suse-upgrade-mozilla-nss-32bit
  • suse-upgrade-mozilla-nss-certs
  • suse-upgrade-mozilla-nss-certs-32bit
  • suse-upgrade-mozilla-nss-devel
  • suse-upgrade-mozilla-nss-tools
  • suse-upgrade-mozillafirefox
  • suse-upgrade-mozillafirefox-branding-sled
  • suse-upgrade-mozillafirefox-translations-common
  • suse-upgrade-mozillafirefox-translations-other
  • suse-upgrade-nghttp2
  • suse-upgrade-nginx
  • suse-upgrade-nginx-source
  • suse-upgrade-nodejs10
  • suse-upgrade-nodejs10-devel
  • suse-upgrade-nodejs10-docs
  • suse-upgrade-nodejs8
  • suse-upgrade-nodejs8-devel
  • suse-upgrade-nodejs8-docs
  • suse-upgrade-npm10
  • suse-upgrade-npm8
  • suse-upgrade-python3-nghttp2
  • suse-upgrade-vim-plugin-nginx

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;