CVE-2019-10081
Description
In Apache HTTP Server 2.4.20 through 2.4.39, very early HTTP/2 pushes, for example those configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
23.332
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-9517, CVE-2019-10081 are fixed in Apache 2.4.41 | Windows |
| apache2 security update (DSA-4509-1) apache2_2.4.25-3+deb9u8_i386.deb | Linux |
| apache2 security update (DSA-4509-1) apache2_2.4.25-3+deb9u8_amd64.deb | Linux |
| apache2 security update (DSA-4509-1) apache2_2.4.38-3+deb10u1_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.38-2ubuntu2.2_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.38-2ubuntu2.2_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.18-2ubuntu3.12_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.18-2ubuntu3.12_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.29-1ubuntu4.10_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2_2.4.29-1ubuntu4.10_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.38-2ubuntu2.2_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.38-2ubuntu2.2_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.18-2ubuntu3.12_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.18-2ubuntu3.12_amd64.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.29-1ubuntu4.10_i386.deb | Linux |
| Apache HTTP server (USN-4113-1) apache2-bin_2.4.29-1ubuntu4.10_amd64.deb | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-debuginfo-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-debugsource-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-doc-2.4.23-29.43.1.noarch.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-example-pages-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-prefork-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-prefork-debuginfo-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-utils-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-utils-debuginfo-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-worker-2.4.23-29.43.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2329-1(SUSE Linux Enterprise Server 12-SP4 ) apache2-worker-debuginfo-2.4.23-29.43.1.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-debugsource-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-devel-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-filesystem-2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-manual-2.4.37-30.module+el8.3.0+7001+0766b9e7.noarch.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update httpd-tools-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_http2-1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_http2-debugsource-1.15.7-2.module+el8.3.0+7670+8bf57d29.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_ldap-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_proxy_html-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_session-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
| (RHSA-2020:4751) httpd:2.4 security, bug fix, and enhancement update mod_ssl-2.4.37-30.module+el8.3.0+7001+0766b9e7.x86_64.rpm | Linux |
Patch Details
No records found