HTTP/2 (2.4.20 through 2.4.39) very early pushes, for...
High severity
Unreviewed
Published May 24, 2022 to the GitHub Advisory Database. Updated Apr 4, 2024.
Description
Published by the National Vulnerability Database: Aug 15, 2019
Published to the GitHub Advisory Database: May 24, 2022
Last updated: Apr 4, 2024
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
References