Search for packages
| purl | pkg:rpm/redhat/rh-nodejs8-nodejs@8.16.1-2?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9hzg-r1fj-pubf
Aliases: CVE-2019-9513 |
Excessive CPU usage in HTTP/2 with priority changes | There are no reported fixed by versions. |
|
VCID-aqt5-2ffy-9bgs
Aliases: CVE-2019-9515 |
HTTP/2: flood using SETTINGS frames results in unbounded memory growth | There are no reported fixed by versions. |
|
VCID-c5hc-3jtx-k3a6
Aliases: CVE-2019-9518 |
HTTP/2: flood using empty frames results in excessive resource consumption | There are no reported fixed by versions. |
|
VCID-dmv4-ydq9-a7eq
Aliases: CVE-2019-9511 |
Excessive CPU usage in HTTP/2 with small window updates | There are no reported fixed by versions. |
|
VCID-hbte-dsw2-y7ad
Aliases: CVE-2019-9512 GHSA-hgr8-6h9x-f7q9 |
golang.org/x/net/http vulnerable to ping floods Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. ### Specific Go Packages Affected golang.org/x/net/http2 | There are no reported fixed by versions. |
|
VCID-kcsp-h1s5-wbea
Aliases: CVE-2019-9516 |
Excessive memory usage in HTTP/2 with zero length headers | There are no reported fixed by versions. |
|
VCID-n66u-b73u-zucb
Aliases: CVE-2019-9514 GHSA-39qc-96h7-956f |
golang.org/x/net/http vulnerable to a reset flood Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. ### Specific Go Packages Affected golang.org/x/net/http2 | There are no reported fixed by versions. |
|
VCID-y3k1-c4rn-xbc2
Aliases: CVE-2019-9517 |
A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||