CVE-2019-10082: In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection…

critical9.1CVSS 3.1

AVNACLPRNUINSUCHINAH

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
apache	http_server	2.4.18 – 2.4.39	—
debian	apache2	< apache2 2.4.41-1 (bookworm)	apache2 2.4.41-1 (bookworm)
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	enterprise_manager_ops_center	—	—
oracle	enterprise_manager_ops_center	—	—
oracle	enterprise_manager_ops_center	—	—
oracle	http_server	—	—
oracle	http_server	—	—
oracle	instantis_enterprisetrack	17.1 – 17.3	—
oracle	retail_xstore_point_of_service	—	—
paloalto	pan-os	—	—

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

osv9.1CRITICAL