SB2019081452 - Resource exhaustion in h2o (Alpine package)
Published: August 14, 2019
Security Bulletin ID
SB2019081452
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2019-9514)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=573b7537c7e1ab2732007a1d026a913613ca2d03
- https://git.alpinelinux.org/aports/commit/?id=17caf1ca31bcf51f92d7f466d287824869ec3f25
- https://git.alpinelinux.org/aports/commit/?id=c64d2552678a7126d5e1d18ac54ea0ee126298d9
- https://git.alpinelinux.org/aports/commit/?id=66b8ef9e1229d1630c160b9d6f89f315ad87acf9
- https://git.alpinelinux.org/aports/commit/?id=e59ae1cbadc31c59b3c6e298b697e299c6b59619
- https://git.alpinelinux.org/aports/commit/?id=441f8caf531eb82a234cf26ea4e64b4c4a4e7e1c
- https://git.alpinelinux.org/aports/commit/?id=3b2d519d19eed612aeaf0a62ee9003e23cbe7c2f
- https://git.alpinelinux.org/aports/commit/?id=e78ee5b73add9d52cfb312a9c213b1d6c251c17d
- https://git.alpinelinux.org/aports/commit/?id=2385a012d144e1dc7aa8b52a81395f2835033100
- https://git.alpinelinux.org/aports/commit/?id=285aeb8918cb76686f52211af1794c956dfac76e
- https://git.alpinelinux.org/aports/commit/?id=971e4b11222464f77b1bb47c32f4f1c83cd89d86
- https://git.alpinelinux.org/aports/commit/?id=2aa8f8a3facf89896330b6847713de7d92b4196a
- https://git.alpinelinux.org/aports/commit/?id=38693c8a17854105add7b52e2ed4bae410f59956
- https://git.alpinelinux.org/aports/commit/?id=3ee31e5e22ef95dc3bd1bdce9cee66e8e2d03bb3
- https://git.alpinelinux.org/aports/commit/?id=cb9fd96b70026019c51ea38d29e4ec96ba003140
- https://git.alpinelinux.org/aports/commit/?id=578c97338a5cc6615df123d2759ef349dbf88c2c
- https://git.alpinelinux.org/aports/commit/?id=75cc679dead3d9b8aebb82a11c1f81a4eaaab853
- https://git.alpinelinux.org/aports/commit/?id=7149c919df587e3f9125fdac8bc2ccd4952027e3
- https://git.alpinelinux.org/aports/commit/?id=bd54fcf2e09d34cda999f394893d8d0fa9b52a64
- https://git.alpinelinux.org/aports/commit/?id=942628e1aaa207afc5f6dd052632a11b6426ce49
- https://git.alpinelinux.org/aports/commit/?id=1e6f9b4d3f2d989dbba7b17640b425da9f8b86a0
- https://git.alpinelinux.org/aports/commit/?id=27f348ba847da969ec1809cfd6d4f76455fc5405
- https://git.alpinelinux.org/aports/commit/?id=f4894bf9bd05edccdac484db35c4d6fb06a3b26c