Search for packages
| purl | pkg:apache/httpd@2.4.32 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a9rw-3s1y-hqd7
Aliases: CVE-2019-10082 |
Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. |
Affected by 9 other vulnerabilities. |
|
VCID-v41h-pbbe-zfas
Aliases: CVE-2019-10081 |
HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. |
Affected by 9 other vulnerabilities. |
|
VCID-y3k1-c4rn-xbc2
Aliases: CVE-2019-9517 |
A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:36:22.301652+00:00 | Apache HTTPD Importer | Affected by | VCID-a9rw-3s1y-hqd7 | https://httpd.apache.org/security/json/CVE-2019-10082.json | 38.0.0 |
| 2026-04-01T12:36:22.259119+00:00 | Apache HTTPD Importer | Affected by | VCID-v41h-pbbe-zfas | https://httpd.apache.org/security/json/CVE-2019-10081.json | 38.0.0 |
| 2026-04-01T12:36:22.222639+00:00 | Apache HTTPD Importer | Affected by | VCID-y3k1-c4rn-xbc2 | https://httpd.apache.org/security/json/CVE-2019-9517.json | 38.0.0 |