VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6vxq-uxxw-ybeh

Essentials
Severities (18)
References (20)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6vxq-uxxw-ybeh
Aliases	CVE-2019-0196
Summary	Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json
epss	0.08584	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
epss	0.09496	https://api.first.org/data/v1/epss?cve=CVE-2019-0196
cvssv3	5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd	low	https://httpd.apache.org/security/json/CVE-2019-0196.json
archlinux	Critical	https://security.archlinux.org/AVG-946

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-0196
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1695030		https://bugzilla.redhat.com/show_bug.cgi?id=1695030
ASA-201904-3		https://security.archlinux.org/ASA-201904-3
AVG-946		https://security.archlinux.org/AVG-946
CVE-2019-0196		https://httpd.apache.org/security/json/CVE-2019-0196.json
RHSA-2019:3932		https://access.redhat.com/errata/RHSA-2019:3932
RHSA-2019:3933		https://access.redhat.com/errata/RHSA-2019:3933
RHSA-2019:3935		https://access.redhat.com/errata/RHSA-2019:3935
RHSA-2020:2644		https://access.redhat.com/errata/RHSA-2020:2644
RHSA-2020:2646		https://access.redhat.com/errata/RHSA-2020:2646
RHSA-2020:4751		https://access.redhat.com/errata/RHSA-2020:4751
USN-3937-1		https://usn.ubuntu.com/3937-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.92426
EPSS Score	0.08584
Published At	April 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:36:21.969752+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2019-0196.json	38.0.0