{ "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-31618", "STATE": "PUBLIC", "TITLE": "NULL pointer dereference on specially crafted HTTP/2 request" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "2.4.47" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "Apache HTTP server would like to thank LI ZHI XIN from NSFocus for reporting this." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "important" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476 NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "http://httpd.apache.org/security/vulnerabilities_24.html", "name": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "refsource": "MLIST", "name": "[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request", "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9" }, { "refsource": "MISC", "url": "https://seclists.org/oss-sec/2021/q2/206", "name": "https://seclists.org/oss-sec/2021/q2/206" }, { "refsource": "MLIST", "name": "[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json", "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f@%3Ccvs.httpd.apache.org%3E" }, { "refsource": "MLIST", "name": "[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html", "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1@%3Ccvs.httpd.apache.org%3E" }, { "refsource": "FEDORA", "name": "FEDORA-2021-051639aad4", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/" }, { "refsource": "FEDORA", "name": "FEDORA-2021-181f29c392", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "refsource": "DEBIAN", "name": "DSA-4937", "url": "https://www.debian.org/security/2021/dsa-4937" }, { "refsource": "GENTOO", "name": "GLSA-202107-38", "url": "https://security.gentoo.org/glsa/202107-38" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20210727-0008/", "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" }, { "refsource": "MLIST", "name": "[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request", "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2" } ] }, "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "eng", "value": "On unpatched servers, the `h2` protocol can be disabled by removing it from the `Protocols` configuration. If the `h2` protocol is not enabled, the server is not affected by this vulnerability." } ] }