CVE-2018-1302
httpd: Use-after-free on HTTP/2 stream shutdown
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
Cuando un flujo de datos o stream HTTP/2 se destruye después de haber sido manipulado, el servidor Apache HTTP en versiones anteriores a la 2.4.30 podría escribir un puntero NULL en una memoria ya liberada. Los bloques de memoria mantenidos por el servidor hacen que sea difícil que esta vulnerabilidad tenga lugar en configuraciones normales, el informador y el equipo no podían reproducirla fuera de builds de depuración, por lo que se clasifica como de riesgo bajo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-07 CVE Reserved
- 2018-03-26 CVE Published
- 2024-06-26 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-476: NULL Pointer Dereference
CAPEC
References (25)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0366 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2019:0367 | 2023-11-07 | |
https://httpd.apache.org/security/vulnerabilities_24.html | 2023-11-07 | |
https://usn.ubuntu.com/3783-1 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2018-1302 | 2019-02-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1560625 | 2019-02-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | <= 2.4.29 Search vendor "Apache" for product "Http Server" and version " <= 2.4.29" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Santricity Cloud Connector Search vendor "Netapp" for product "Santricity Cloud Connector" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Storage Automation Store Search vendor "Netapp" for product "Storage Automation Store" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Storagegrid Search vendor "Netapp" for product "Storagegrid" | - | - |
Affected
|