CVE-2024-36387

Опубликовано: 01 июл. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.4

Описание

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Релиз	Статус	Примечание
devel	released	2.4.62-1ubuntu1
esm-infra-legacy/trusty	not-affected	https support not implemented
esm-infra/bionic	not-affected	http2 not built
esm-infra/focal	not-affected	2.4.41-4ubuntu3.19
esm-infra/xenial	not-affected	http2 not built
focal	released	2.4.41-4ubuntu3.19
jammy	released	2.4.52-1ubuntu4.10
mantic	released	2.4.57-2ubuntu2.5
noble	released	2.4.58-1ubuntu8.2
oracular	released	2.4.62-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 51%

0.00282

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2024-36387

CVSS3: 3.7

redhat

12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

nvd

12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

CVSS3: 5.4

msrc

7 месяцев назад

Описание отсутствует

CVE-2024-36387

CVSS3: 5.4

debian

12 месяцев назад

Serving WebSocket protocol upgrades over a HTTP/2 connection could res ...

RLSA-2024:8680

rocky

7 месяцев назад

Low: mod_http2 security update

EPSS

Процентиль: 51%

0.00282

Низкий

5.4 Medium

CVSS3

CVE-2024-36387

Описание

Пакет apache2

Ссылки на источники

Связанные уязвимости