Description

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Remediation

References

CVE-2019-10082

Related Vulnerabilities

WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (3.1.3)

WordPress Plugin EU Cookie Law for GDPR/CCPA Cross-Site Scripting (3.0.6)

WordPress Plugin Users Ultra SQL Injection (1.5.15)

WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)

Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities (CVE-2014-9587)

Severity

Critical

Classification

CVE-2019-10082 CWE-416 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities