admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2021-31618 and note that after release of the CVE it was found to only affect

Browse Source 
2.4.47 (unreleased) but also the upstream mod_http2 project therefore not rejecting the CVE
This commit is contained in:
Mark J. Cox 2021-06-15 09:40:54 +01:00
parent 4202be57fe
commit b0e00ba3d7
No known key found for this signature in database
GPG Key ID: 2039C75CCA6545AB
1 changed files with 97 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2021/31xxx/CVE-2021-31618.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-31618",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "DRAFT",
"TITLE": "NULL pointer dereference on specially crafted HTTP/2 request"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.4.47"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache HTTP server would like to thank LI ZHI XIN from NSFocus for reporting this."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released."
}
]
}
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"refsource": "CONFIRM",
"url": "https://seclists.org/oss-sec/2021/q2/206"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "eng",
"time": "2021-04-22",
"value": "reported"
},
{
"lang": "eng",
"time": "--",
"value": "public"
},
{
"lang": "eng",
"time": "--",
"value": "2.4.48 released"
}
],
"work_around": [
{
"lang": "eng",
"value": "On unpatched servers, the `h2` protocol can be disabled by removing it from the `Protocols` configuration. If the `h2` protocol is not enabled, the server is not affected by this vulnerability."
}
]
}