Description

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Remediation

References

CVE-2019-10082

Related Vulnerabilities

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9)

WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.6)

WordPress Plugin File Manager Information Disclosure (6.4)

Jboss EAP Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-3642)

WordPress Plugin Easy Pixels Unspecified Vulnerability (1.8.2)

Severity

Critical

Classification

CVE-2019-10082 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities