Vulnerabilities > CVE-2021-31618 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2021-06-15

Updated: 2024-05-01

Summary

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server 1.15.17 Apache Http Server 2.4.47	2
Application	Oracle Oracle Instantis Enterprisetrack 17.1 Oracle Instantis Enterprisetrack 17.2 Oracle Instantis Enterprisetrack 17.3 Oracle Enterprise Manager OPS Center 12.4.0.0 Oracle ZFS Storage Appliance KIT 8.8	5
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2
OS	Debian Debian Debian Linux 9.0 Debian Debian Linux 10.0	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References