A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove() that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability.
Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability.