CVE-2024-36387

Опубликовано: 01 июл. 2024

Источник: debian

EPSS Низкий

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
apache2	fixed	2.4.60-1		package

Примечания

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
https://github.com/apache/httpd/commit/62aa64e5aea21dd969db97aded4443c98c0735ac
(see also https://svn.apache.org/viewvc?view=revision&revision=1918557)

EPSS

Процентиль: 33%

0.0013

Низкий

Связанные уязвимости

CVE-2024-36387

CVSS3: 5.4

ubuntu

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 3.7

redhat

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

nvd

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

11 месяцев назад

Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

RLSA-2024:8680

rocky

около 1 года назад

Low: mod_http2 security update

EPSS

Процентиль: 33%

0.0013

Низкий