ELSA-2024-8680

Опубликовано: 30 окт. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-8680: mod_http2 security update (LOW)

[2.0.26-2.1]

Resolves: RHEL-45803 - mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

mod_http2

2.0.26-2.el9_4.1

Oracle Linux x86_64

mod_http2

2.0.26-2.el9_4.1

Связанные CVE

CVE-2024-36387

Ссылки на источники

Связанные уязвимости

CVE-2024-36387

CVSS3: 5.4

ubuntu

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 3.7

redhat

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

nvd

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

11 месяцев назад

Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

CVE-2024-36387

CVSS3: 5.4

debian

больше 1 года назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...