Mageia 7 MGASA-2020-0468 Moderate: Golang Denial Of Service Threat
mageia
December 21, 2020
This code was vulnerable to ping floods, potentially leading to a denial of service
Summary
This code was vulnerable to ping floods, potentially leading to a denial of
service. The attacker sends continual pings to an HTTP/2 peer, causing the peer
to build an internal queue of responses. Depending on how efficiently this data
is queued, this can consume excess CPU, memory, or both (CVE-2019-9512).
This code was vulnerable to a reset flood, potentially leading to a denial of
service. The attacker opens a number of streams and sends an invalid request
over each stream that should solicit a stream of RST_STREAM frames from the
peer. Depending on how the peer queues the RST_STREAM frames, this can consume
excess memory, CPU, or both (CVE-2019-9514).
References
- https://bugs.mageia.org/show_bug.cgi?id=27792
- https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html
- https://www.cve.org/CVERecord?id=CVE-2019-9512
- https://www.cve.org/CVERecord?id=CVE-2019-9514
Resolution
SRPMS
- 7/core/golang-googlecode-net-0-0.3.mga7
PREVIOUS
NEXT
Publication date: 21 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0468.html
Type: security
CVE: CVE-2019-9512,
CVE-2019-9514
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!