CVE-2019-0196

Summary

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.4.17 to 2.4.38affected

Weaknesses

  • mod_http2, read-after-free on a string compare

ADP Enrichment

CVE Program Container

Additional References

References