Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-0196

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

Related bugs and status

CVE-2019-0196 (Candidate) is related to these bugs:

Bug #1840188: Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco

Summary				In	Importance	Status
	1840188	Apply fix for CVE-2019-0197 in v2.4.29 in Bionic and Disco		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 107669
BUGTRAQ: 20190403 [SECURITY] [D...
CONFIRM: https://httpd.apache.o...
CONFIRM: https://security.netap...
CONFIRM: https://support.f5.com...
DEBIAN: DSA-4422
FEDORA: FEDORA-2019-08e57d15fd
FEDORA: FEDORA-2019-cf7695b470
MISC: http://www.apache.org/...
MLIST: [httpd-cvs] 20190611 s...
MLIST: [httpd-cvs] 20190611 s...
MLIST: [oss-security] 2019040...
SUSE: openSUSE-SU-2019:1190
SUSE: openSUSE-SU-2019:1209
SUSE: openSUSE-SU-2019:1258
UBUNTU: USN-3937-1
FEDORA: FEDORA-2019-c7187e6dc7
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
CONFIRM: https://support.hpe.co...
MISC: https://www.oracle.com...
REDHAT: RHSA-2019:3932
REDHAT: RHSA-2019:3933
REDHAT: RHSA-2019:3935
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MISC: https://www.oracle.com...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210606 s...