CVE-2019-10082

Summary

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Affected Software

VendorProductVersion RangeStatus
n/aApache HTTP Server2.4.18 to 2.4.39affected

Weaknesses

  • mod_http2, write beyond array on h2 push

ADP Enrichment

CVE Program Container

Additional References

References