Loading
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Use CWE-400, Apple vendor hub and Swiftnio product page to widen CVE-2019-9518 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2018-4281, CVE-2022-3215 and CVE-2019-9517 for nearby disclosures in the same product family.