search menu icon-carat-right cmu-wordmark

CERT Coordination Center

HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion

Vulnerability Note VU#605641

Original Release Date: 2019-08-13 | Last Revised: 2019-11-19

Overview

Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks.

Description

The Security Considerations section of RFC7540 discusses some of the considerations needed for HTTP/2 connections as they demand more resources to operate than HTTP/1.1 connections. While it generally covers expected behavior considerations, how to mitigate abnormal behavior is left to the implementer which can leave it open to the following weaknesses.

CVE-2019-9511, also known as Data Dribble
The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9512, also known as Ping Flood
The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9513, also known as Resource Loop
The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.

CVE-2019-9514, also known as Reset Flood
The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

CVE-2019-9515, also known as Settings Flood
The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9516, also known as 0-Length Headers Leak
The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.

CVE-2019-9517, also known as Internal Data Buffering
The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

CVE-2019-9518, also known as Empty Frame Flooding
The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.

Impact

These attacks can consume excessive system resources, potentially enough that a single end-system could cause issues on multiple servers that may lead to Distributed DoS (DDoS) attacks.

Solution

Apply an update
Install the latest updates from HTTP/2 implementers.

Vendor Information

Please see this matrix of affected products and vulnerabilities.

605641
 

Akamai Technologies, Inc. Affected

Notified:  August 07, 2019 Updated: August 15, 2019

Statement Date:   August 14, 2019

Status

Affected

Vendor Statement

(Updated 8/14/2019) All customer services have been patched.

Vendor References

Amazon Affected

Notified:  August 07, 2019 Updated: August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apache Traffic Server Project Affected

Notified:  August 07, 2019 Updated: August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple Affected

Notified:  August 07, 2019 Updated: August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cloudflare Affected

Updated:  August 14, 2019

Statement Date:   August 13, 2019

Status

Affected

Vendor Statement

Cloudflare uses NGINX for HTTP/2. Customers using Cloudflare are already protected against these attacks.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Envoy Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Facebook Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Go Programming Language Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LiteSpeed Technologies Affected

Notified:  August 15, 2019 Updated: August 17, 2019

Statement Date:   August 16, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Fixed in:

Vendor References

Microsoft Affected

Notified:  August 07, 2019 Updated: August 27, 2019

Status

Affected

Vendor Statement

Microsoft addressed these vulnerabilities in August 2019 updates.

Vendor Information

In addition, CVE-2019-9015 was addressed in February 2019 with the following KB article:
https://support.microsoft.com/en-us/help/4491420: Define thresholds on the number of HTTP/2 Settings parameters exchanged over a connection.

Vendor References

Netty Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Node.js Affected

Notified:  August 07, 2019 Updated: August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology Affected

Notified:  August 07, 2019 Updated: August 14, 2019

Statement Date:   August 14, 2019

Status

Affected

Vendor Statement

Affected.

Vendor References

Twisted Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Affected

Notified:  August 07, 2019 Updated: August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

gRPC Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

nghttp2 Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

nginx Affected

Updated:  August 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HAProxy Not Affected

Updated:  August 20, 2019

Statement Date:   August 20, 2019

Status

Not Affected

Vendor Statement

We have verified that HAProxy is not vulnerable to these attacks. Willy Tarreau has issued a statement to the HAProxy mailing list: https://www.mail-archive.com/haproxy@formilux.org/msg34717.html

Vendor References

Intel Not Affected

Notified:  August 07, 2019 Updated: August 09, 2019

Statement Date:   August 07, 2019

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH Not Affected

Notified:  August 07, 2019 Updated: September 03, 2019

Statement Date:   September 03, 2019

Status

Not Affected

Vendor Statement

LANCOM Systems confirms that no LANCOM product is affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik Not Affected

Notified:  August 07, 2019 Updated: August 09, 2019

Statement Date:   August 08, 2019

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apache HTTP Server Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apache Tomcat Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belden Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BoringSSL Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Buffalo Inc Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Chatterbox Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cypress Semiconductor Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU wget Unknown

Notified:  July 22, 2019 Updated: July 22, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hex Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Interniche Technologies, inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LibreSSL Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marconi, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mozilla Unknown

Notified:  July 22, 2019 Updated: July 22, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenSSL Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Opera Unknown

Notified:  July 22, 2019 Updated: July 22, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tenable Network Security Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Untangle Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc. Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wireshark Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zyxel Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

wolfSSL Unknown

Notified:  August 07, 2019 Updated: August 07, 2019

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 236 vendors View less vendors


CVSS Metrics

Group Score Vector
Base 5 AV:N/AC:L/Au:N/C:N/I:--/A:P
Temporal 3.9 E:POC/RL:OF/RC:C
Environmental 6.3 CDP:LM/TD:H/CR:ND/IR:ND/AR:H

References

Acknowledgements

Thanks to Jonathan Looney of Netflix for reporting CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, and CVE-2019-9517.
Thanks to Piotr Sikora of Google, Envoy Security Team, for reporting CVE-2019-9518.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
Date Public: 2019-08-13
Date First Published: 2019-08-13
Date Last Updated: 2019-11-19 21:13 UTC
Document Revision: 48

Sponsored by CISA.