Description
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
Release | Status | Note |
---|---|---|
bionic | released | 2.4.29-1ubuntu4.10 |
devel | not-affected | 2.4.41-1ubuntu1 |
disco | released | 2.4.38-2ubuntu2.2 |
esm-infra-legacy/trusty | not-affected | code not present |
esm-infra/bionic | not-affected | 2.4.29-1ubuntu4.10 |
esm-infra/xenial | not-affected | code not built |
precise/esm | not-affected | code not present |
trusty | ignored | end of standard support |
trusty/esm | not-affected | code not present |
upstream | released | 2.4.41-1 |
EPSS
CVSS2: 5 Medium
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the HTTP/2 network protocol implementation of the Apache HTTP Server web server, related to an out-of-bounds read in a memory buffer, that allows an attacker to cause a denial of service