CVE-2019-10082: httpd: read-after-free in h2 connection shutdown

Severity: Critical

CVSS Score: 9.1

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.