Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1302

Опубликовано: 26 мар. 2018
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 4.3
CVSS3: 5.9

Описание

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

РелизСтатусПримечание
artful

not-affected

code not built
bionic

released

2.4.29-1ubuntu4.4
devel

released

2.4.33-3ubuntu3
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

released

2.4.29-1ubuntu4.4
esm-infra/xenial

not-affected

code not built
precise/esm

not-affected

code not present
trusty

not-affected

code not present
trusty/esm

not-affected

code not present
upstream

released

2.4.30

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.11001
Средний

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1302

CVSS3: 5.9
redhat
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

nvd логотип

CVE-2018-1302

CVSS3: 5.9
nvd
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

debian логотип

CVE-2018-1302

CVSS3: 5.9
debian
почти 8 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HT ...

github логотип

GHSA-x452-9h59-82pg

CVSS3: 5.9
github
больше 3 лет назад

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

fstec логотип

BDU:2021-01454

CVSS3: 5.3
fstec
почти 8 лет назад

Уязвимость потока HTTP/2 веб-сервера Apache HTTP Server, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.11001
Средний

4.3 Medium

CVSS2

5.9 Medium

CVSS3