Описание
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.41-1 | package | |
| apache2 | not-affected | jessie | package |
Примечания
Affects upstream versions 2.4.18 to 2.4.39
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10082
EPSS
Связанные уязвимости
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
Уязвимость реализации сетевого протокола HTTP/2 веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS