Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
2019-08-13T21:15:12.443
2025-01-14T19:29:55.853
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:C
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apple | swiftnio | ≤ 1.4.0 | Yes |
| Operating System | apple | mac_os_x | ≥ 10.12 | No |
| Operating System | canonical | ubuntu_linux | ≥ 14.04 | No |
| Application | apache | traffic_server | ≤ 6.2.3 | Yes |
| Application | apache | traffic_server | ≤ 7.1.6 | Yes |
| Application | apache | traffic_server | ≤ 8.0.3 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | canonical | ubuntu_linux | 16.04 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Operating System | canonical | ubuntu_linux | 19.04 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Application | synology | skynas | - | Yes |
| Operating System | synology | diskstation_manager | 6.2 | Yes |
| Operating System | synology | vs960hd_firmware | - | Yes |
| Hardware | synology | vs960hd | - | No |
| Operating System | fedoraproject | fedora | 29 | Yes |
| Operating System | fedoraproject | fedora | 30 | Yes |
| Operating System | opensuse | leap | 15.0 | Yes |
| Operating System | opensuse | leap | 15.1 | Yes |
| Application | redhat | developer_tools | 1.0 | Yes |
| Application | redhat | jboss_core_services | 1.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.2.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.3.0 | Yes |
| Application | redhat | openshift_container_platform | 3.9 | Yes |
| Application | redhat | openshift_container_platform | 3.10 | Yes |
| Application | redhat | openshift_container_platform | 3.11 | Yes |
| Application | redhat | openshift_container_platform | 4.1 | Yes |
| Application | redhat | openshift_container_platform | 4.2 | Yes |
| Application | redhat | openshift_service_mesh | 1.0 | Yes |
| Application | redhat | openstack | 14 | Yes |
| Application | redhat | quay | 3.0.0 | Yes |
| Application | redhat | single_sign-on | 7.3 | Yes |
| Application | redhat | software_collections | 1.0 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 8.1 | Yes |
| Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
| Application | oracle | graalvm | 19.2.0 | Yes |
| Application | mcafee | web_gateway | < 7.7.2.24 | Yes |
| Application | mcafee | web_gateway | < 7.8.2.13 | Yes |
| Application | mcafee | web_gateway | < 8.2.0 | Yes |
| Application | netapp | cloud_insights | - | Yes |
| Application | netapp | trident | - | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 11.6.5.1 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 12.1.5.1 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 13.1.3.2 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 14.0.1.1 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 14.1.2.1 | Yes |
| Application | f5 | big-ip_local_traffic_manager | < 15.0.1.1 | Yes |
| Application | nodejs | node.js | ≤ 8.8.1 | Yes |
| Application | nodejs | node.js | < 8.16.1 | Yes |
| Application | nodejs | node.js | ≤ 10.12.0 | Yes |
| Application | nodejs | node.js | < 10.16.3 | Yes |
| Application | nodejs | node.js | < 12.8.1 | Yes |