Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-aqt5-2ffy-9bgs
Vulnerability ID VCID-aqt5-2ffy-9bgs
Aliases CVE-2019-9515
Summary HTTP/2: flood using SETTINGS frames results in unbounded memory growth
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.09046 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.10394 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
epss 0.10394 https://api.first.org/data/v1/epss?cve=CVE-2019-9515
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json
https://api.first.org/data/v1/epss?cve=CVE-2019-9515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1735745 https://bugzilla.redhat.com/show_bug.cgi?id=1735745
934886 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
934887 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887
RHSA-2020:0922 https://access.redhat.com/errata/RHSA-2020:0922
RHSA-2020:0983 https://access.redhat.com/errata/RHSA-2020:0983
RHSA-2020:1445 https://access.redhat.com/errata/RHSA-2020:1445
RHSA-2020:2067 https://access.redhat.com/errata/RHSA-2020:2067
RHSA-2020:2565 https://access.redhat.com/errata/RHSA-2020:2565
RHSA-2020:3196 https://access.redhat.com/errata/RHSA-2020:3196
RHSA-2020:3197 https://access.redhat.com/errata/RHSA-2020:3197
RHSA-2024:5856 https://access.redhat.com/errata/RHSA-2024:5856
USN-USN-4866-1 https://usn.ubuntu.com/USN-4866-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92618
EPSS Score 0.09046
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:17:41.637115+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json 38.0.0