Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-c5hc-3jtx-k3a6
Vulnerability ID VCID-c5hc-3jtx-k3a6
Aliases CVE-2019-9518
Summary HTTP/2: flood using empty frames results in excessive resource consumption
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9518.json
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.03645 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.04696 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
epss 0.04696 https://api.first.org/data/v1/epss?cve=CVE-2019-9518
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9518.json
https://api.first.org/data/v1/epss?cve=CVE-2019-9518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1735749 https://bugzilla.redhat.com/show_bug.cgi?id=1735749
935314 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935314
RHSA-2020:0922 https://access.redhat.com/errata/RHSA-2020:0922
RHSA-2020:0983 https://access.redhat.com/errata/RHSA-2020:0983
RHSA-2020:1445 https://access.redhat.com/errata/RHSA-2020:1445
RHSA-2020:3196 https://access.redhat.com/errata/RHSA-2020:3196
RHSA-2020:3197 https://access.redhat.com/errata/RHSA-2020:3197
USN-USN-4866-1 https://usn.ubuntu.com/USN-4866-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9518.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.87825
EPSS Score 0.03645
Published At April 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:17:45.441526+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9518.json 38.0.0