Vulnerability CVE-2019-0196


Published: 2019-06-11

Description:
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

Type:

CWE-416

(Use After Free)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Apache
Product: Http server 
Version:
2.4.38
2.4.37
2.4.36
2.4.35
2.4.34
2.4.33
2.4.32
2.4.30
2.4.29
2.4.28
2.4.27
2.4.26
2.4.25
2.4.24
2.4.23
2.4.22
2.4.21
2.4.20
2.4.19
2.4.18
2.4.17
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.10
18.04
16.04
14.04

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
http://www.apache.org/dist/httpd/CHANGES_2.4.39
http://www.openwall.com/lists/oss-security/2019/04/02/1
http://www.securityfocus.com/bid/107669
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/
https://seclists.org/bugtraq/2019/Apr/5
https://security.netapp.com/advisory/ntap-20190617-0002/
https://support.f5.com/csp/article/K44591505
https://usn.ubuntu.com/3937-1/
https://www.debian.org/security/2019/dsa-4422

Related CVE
CVE-2019-17134
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via sim...
CVE-2019-17266
libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.
CVE-2019-16866
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2019-16928
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVE-2019-14835
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2019-15717
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-11476
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-exec...

Copyright 2019, cxsecurity.com

 

Back to Top