CVE-2024-36387

Опубликовано: 01 июл. 2024

Источник: debian

EPSS Низкий

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
apache2	fixed	2.4.60-1		package

Примечания

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-36387
https://github.com/apache/httpd/commit/62aa64e5aea21dd969db97aded4443c98c0735ac
(see also https://svn.apache.org/viewvc?view=revision&revision=1918557)

EPSS

Процентиль: 74%

0.0084

Низкий

Связанные уязвимости

CVE-2024-36387

CVSS3: 5.4

ubuntu

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 3.7

redhat

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

nvd

около 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

8 месяцев назад

Описание отсутствует

RLSA-2024:8680

rocky

9 месяцев назад

Low: mod_http2 security update

EPSS

Процентиль: 74%

0.0084

Низкий