A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "apache2-ssl-dev": "2.4.29-1ubuntu4.6", "apache2-dbg": "2.4.29-1ubuntu4.6", "apache2-dev": "2.4.29-1ubuntu4.6", "apache2-bin": "2.4.29-1ubuntu4.6", "apache2-data": "2.4.29-1ubuntu4.6", "apache2-suexec-pristine": "2.4.29-1ubuntu4.6", "apache2-doc": "2.4.29-1ubuntu4.6", "apache2": "2.4.29-1ubuntu4.6", "apache2-utils": "2.4.29-1ubuntu4.6", "apache2-suexec-custom": "2.4.29-1ubuntu4.6" } ] }