Description

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

Remediation

References

CVE-2019-10081

Related Vulnerabilities

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0793)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4377)

WordPress Plugin WP Mobile Detector Arbitrary File Upload (3.5)

WordPress Plugin Audit Trail Cross-Site Scripting (1.1.13)

MySQL CVE-2021-2352 Vulnerability (CVE-2021-2352)

Severity

High

Classification

CVE-2019-10081 CWE-787 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities