CVE-2019-9518: Empty DATA frame flooding

High

Lukasa published GHSA-crcg-r874-885f Aug 13, 2019 · 1 comment

Package

swift-nio-http2 (Swift)

Affected versions

>=1.0.0,<1.5.0

Patched versions

1.5.0

Description

Impact

Denial of service attack on HTTP/2 servers.

Patches

Available in 1.5.0.

Workarounds

There is no meaningful workaround without upgrading.