Description

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Remediation

References

CVE-2019-10082

Related Vulnerabilities

WordPress Plugin More Fields Cross-Site Request Forgery (2.1)

WordPress Plugin AJAX Comment Page Cross-Site Scripting (3.25)

OpenSSL Key Management Errors Vulnerability (CVE-2016-7055)

Drupal Core 8.9.x Cross-Site Request Forgery (8.9.0 - 8.9.18)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4340)

Severity

Critical

Classification

CVE-2019-10082 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities