You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Stefan Eissing <ic...@apache.org> on 2021/10/05 09:02:50 UTC
CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2
fuzzing
Severity: moderate
Description:
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,
allowing an external source to DoS the server. This requires a specially crafted request.
The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
Mitigation:
Disable the HTTP/2 protocol.
Credit:
Apache httpd team would like to thank LI ZHI XIN from NSFocus Security Team for reporting this issue.
References:
https://httpd.apache.org/security/vulnerabilities_24.html