0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability
Author
Risk
![](/img/risk/critlow_2.gif)
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
apache2: concurrent pool usage in http2 module h2_mplx.c contains a number of calls to ap_log_cerror using m->c (the master connection) as an argument. These calls can trigger allocations using the m->c->pool. One example is core_generate_log_id. As some of the code in h2_mplx.c is executed on a worker thread, it is possible that the main thread performs a parallel allocation and corrupts the pool. (apr memory pools are not thread-safe) Most logging calls are using DEBUG and TRACE levels and can't be exploited in a production environment. However, the task_done function calls ap_log_cerror with APLOG_INFO when throttling tasks, which can be triggered by a malicious client: h2_mplx.c:809 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, m->c, H2_STRM_MSG(stream, \"redo, added to q\")); This bug is subject to a 90 day disclosure deadline. After 90 days elapse, the bug report will become visible to the public. The scheduled disclosure date is 2020-09-14. Disclosure at an earlier date is also possible if agreed upon by all parties. Related CVE Numbers: CVE-2020-11993. # 0day.today [2024-07-04] #