Description

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

Remediation

References

CVE-2019-10081

Related Vulnerabilities

WordPress Plugin Duplicator-WordPress Migration Cross-Site Request Forgery (1.1.2)

WordPress Plugin Extra User Details Privilege Escalation (0.4.2)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)

Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123)

WordPress Plugin IGIT Related Posts With Thumb Image After Posts TimThumb Arbitrary File Upload (3.9.7)

Severity

High

Classification

CVE-2019-10081 CWE-787 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities