CVE-2019-0196: mod_http2 with scoreboard Use-After-Free (Read)

A crafted HTTP2 request can trigger reference to request data from a memory pool after its destruction. This memory is subsequently used as input to an sprintf type function for constructing a string value. This unsafe memory access ultimately means that the r->the_request string is poisoned with unintended data. To reproduce the problem, I have attached a script that will download/compile Apache httpd and reproduce the behavior with ASAN enabled. The archive also contains a nice ASAN output from the event. ## Impact This is an unsafe memory access. It could lead to process crashes, assist in other exploits, or reveal confidential data through unexplored interactions with other httpd modules.