Apache mod_http2 2.4.25 Null Pointer Dereference

Apache mod_http2 2.4.25 Null Pointer Dereference: Posted Jun 20, 2017; Authored by Robert Swiecki; Apache mod_http2 versions 2.4.24 and 2.4.25 suffer from a null pointer dereference vulnerability.; tags | advisory; advisories | CVE-2017-7659; SHA-256 | e530e961d3a007b273620b857888fc551cce328fa775403586033587d675abe0; Download | Favorite | View

Apache mod_http2 2.4.25 Null Pointer Dereference

CVE-2017-7659: mod_http2 null pointer dereference 

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25

Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server process.

Mitigation:
2.4.25 users of mod_http2 should upgrade to 2.4.26.

Credit:
The Apache HTTP Server security team would like to thank Robert AwiAcki
for reporting this issue.

References:
https://httpd.apache.org/security_report.html

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Apache mod_http2 2.4.25 Null Pointer Dereference

Apache mod_http2 2.4.25 Null Pointer Dereference

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Apache mod_http2 2.4.25 Null Pointer Dereference

Share This

Apache mod_http2 2.4.25 Null Pointer Dereference

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems