Hi,
on https://httpd.apache.org/security/vulnerabilities_24.html , both
CVE-2020-9490 and CVE-2020-11993 have the Subject "Push Diary Crash on
Specifically Crafted HTTP/2 Header". Shouldn't the Subject for
CVE-2020-11993 be something like "memory corruption due to concurrent
log pool usage"? Or can this actually be triggered by push requests, too?
Cheers,
Stefan
on https://httpd.apache.org/security/vulnerabilities_24.html , both
CVE-2020-9490 and CVE-2020-11993 have the Subject "Push Diary Crash on
Specifically Crafted HTTP/2 Header". Shouldn't the Subject for
CVE-2020-11993 be something like "memory corruption due to concurrent
log pool usage"? Or can this actually be triggered by push requests, too?
Cheers,
Stefan