Security announcements for CVE-2020-9490/CVE-2020-11993 ?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Security announcements for CVE-2020-9490/CVE-2020-11993 ?

Stefan Fritsch
Hi,

on https://httpd.apache.org/security/vulnerabilities_24.html , both
CVE-2020-9490 and CVE-2020-11993 have the Subject "Push Diary Crash on
Specifically Crafted HTTP/2 Header". Shouldn't the Subject for
CVE-2020-11993 be something like "memory corruption due to concurrent
log pool usage"? Or can this actually be triggered by push requests, too?

Cheers,
Stefan