Description

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

Remediation

References

CVE-2019-10081

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-0361)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6098)

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40214)

PHP Numeric Errors Vulnerability (CVE-2013-4635)

WordPress Plugin KN Fix Your Title Cross-Site Scripting (1.0.1)

Severity

High

Classification

CVE-2019-10081 CWE-787 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities