Node v10.16.3 (LTS)

By Bethany Nicolle Griggs

Notable changes

Node.js, as well as many other implementations of HTTP/2, have been found

CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks.

CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.

CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer.
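A detection-side sketch for the inbound control-frame patterns listed above (Ping Flood, Settings Flood, Resource Loop). This is an added example, not code from the Node.js release; the function names and the `LIMITS` budget values are assumptions chosen for illustration, and the sample bytes are constructed.

```javascript
// Frame type codes from RFC 7540 section 6; only the three counted here.
const FRAME_TYPES = { 0x2: 'PRIORITY', 0x4: 'SETTINGS', 0x6: 'PING' };
const ACK = 0x1; // ACK flag defined for SETTINGS and PING frames
// Assumed per-connection budget per inspection window (hypothetical values).
const LIMITS = { PRIORITY: 50, SETTINGS: 10, PING: 10 };

// Walk back-to-back HTTP/2 frames: a 9-byte header (24-bit length, type,
// flags, 31-bit stream id) followed by `length` payload bytes.
function countControlFrames(buf) {
  const counts = { PRIORITY: 0, SETTINGS: 0, PING: 0 };
  let off = 0;
  while (off + 9 <= buf.length) {
    const length = buf.readUIntBE(off, 3);
    if (off + 9 + length > buf.length) break; // truncated frame: wait for more bytes
    const name = FRAME_TYPES[buf[off + 3]];
    // ACKs answer frames we sent ourselves, so they do not solicit work from us.
    const isAck = (name === 'SETTINGS' || name === 'PING') && (buf[off + 4] & ACK);
    if (name && !isAck) counts[name]++;
    off += 9 + length;
  }
  return counts;
}

// Names of the frame types whose count exceeds the budget.
function floodAlerts(counts, limits = LIMITS) {
  return Object.keys(limits).filter((k) => counts[k] > limits[k]);
}

// Helper that builds one frame with a zeroed payload for the sample below.
function frame(type, flags, streamId, payloadLen) {
  const b = Buffer.alloc(9 + payloadLen);
  b.writeUIntBE(payloadLen, 0, 3);
  b[3] = type;
  b[4] = flags;
  b.writeUInt32BE(streamId & 0x7fffffff, 5);
  return b;
}

// Constructed sample: one connection's inbound bytes within a single window.
const sample = Buffer.concat([
  frame(0x4, 0, 0, 0),                                      // client SETTINGS
  frame(0x4, ACK, 0, 0),                                    // SETTINGS ACK, not counted
  ...Array.from({ length: 25 }, () => frame(0x6, 0, 0, 8)), // 25 PING frames
  frame(0x2, 0, 1, 5),                                      // one PRIORITY frame
  frame(0x0, 0, 1, 16),                                     // DATA, ignored
]);
console.log(countControlFrames(sample), floodAlerts(countControlFrames(sample)));
```

Reset Flood is not covered by inbound counting, because the RST_STREAM frames in that case are the ones the server itself queues for sending.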