High severity7.5NVD Advisory· Published Aug 15, 2019· Updated Jun 17, 2026
CVE-2019-10081
CVE-2019-10081
Description
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- HTTP/2/HTTP/2description
- Range: 2.4.20 - 2.4.39
- osv-coords9 versionspkg:rpm/almalinux/mod_mdpkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 1:2.0.8-8.module_el8.5.0+2609+b30d9eec+ 8 more
- (no CPE)range: < 1:2.0.8-8.module_el8.5.0+2609+b30d9eec
- (no CPE)range: < 2.4.33-lp151.8.6.1
- (no CPE)range: < 2.4.33-lp151.8.6.1
- (no CPE)range: < 2.4.49-1.1
- (no CPE)range: < 2.4.33-3.21.1
- (no CPE)range: < 2.4.33-3.21.1
- (no CPE)range: < 2.4.23-29.43.1
- (no CPE)range: < 2.4.23-29.43.1
- (no CPE)range: < 2.4.23-29.43.1
Patches
Vulnerability mechanics
References
21- httpd.apache.org/security/vulnerabilities_24.htmlnvdExploitVendor Advisory
- seclists.org/bugtraq/2019/Aug/47nvdThird Party Advisory
- www.debian.org/security/2019/dsa-4509nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.htmlnvd
- lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd
- security.gentoo.org/glsa/201909-04nvd
- security.netapp.com/advisory/ntap-20190905-0003/nvd
- support.f5.com/csp/article/K84341091nvd
- usn.ubuntu.com/4113-1/nvd
- www.oracle.com/security-alerts/cpuapr2020.htmlnvd
- www.oracle.com/security-alerts/cpujul2020.htmlnvd
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlnvd
News mentions
0No linked articles in our index yet.