Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-31618

Published: 15/06/2021 Updated: 01/05/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Http Server

Vulnerability Summary

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 1.15.17

apache http server 2.4.47

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

debian debian linux 10.0

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle enterprise manager ops center 12.4.0.0

oracle zfs storage appliance kit 8.8

Vendor Advisories

Debian CVElist Bug Report Logs: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
Debian Bug report logs - #989562 apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request Package: src:apache2; Maintainer for src:apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 7 Jun 2021 15:39:02 UT ...
Debian Security Advisories: DSA-4937-1 apache2 -- security update
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service In addition the implementation of the MergeSlashes option could result in unexpected behaviour For the stable distribution (buster), these problems have been fixed in version 2438-3+deb10u5 We recommend that you upgrade your apache2 packa ...
Amazon Linux 2: ALAS2-2021-1672
A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service (CVE-2021-31618) ...
Amazon Linux 2: ALAS2-2021-1678
A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service (CVE-2021-31618) ...
Red Hat: CVE-2021-31618
No description is available for this CVE ...
Arch Linux Issues:
A security issue has been found in the Apache HTTP Server (httpd) before version 2448 The Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well On violation of these restrictions, an HTTP response is sent to t ...

Mailing Lists

Full Disclosure: Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request <!--X-Subject-Header-End--> <!- ...

References

CWE-476http://httpd.apache.org/security/vulnerabilities_24.htmlhttps://seclists.org/oss-sec/2021/q2/206http://www.openwall.com/lists/oss-security/2021/06/10/9https://lists.debian.org/debian-lts-announce/2021/07/msg00006.htmlhttps://www.debian.org/security/2021/dsa-4937https://security.gentoo.org/glsa/202107-38https://security.netapp.com/advisory/ntap-20210727-0008/https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/http://www.openwall.com/lists/oss-security/2024/03/13/2https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4937
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook