CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

Published : 2018-03-26 15:29 Updated : 2019-08-15 09:15

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Apache Http Server 2.4.29 cpe:/a:apache:http_server:2.4.29
Netapp Clustered Data Ontap - cpe:/a:netapp:clustered_data_ontap:-
Netapp Santricity Cloud Connector - cpe:/a:netapp:santricity_cloud_connector:-
Netapp Storage Automation Store - cpe:/a:netapp:storage_automation_store:-
Netapp Storagegrid - cpe:/a:netapp:storagegrid:-
Canonical Ubuntu Linux 18.04 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
  1. Canonical (1) Search CVE
    1. Ubuntu Linux (1) Search CVE
      1. 18.04
  2. Netapp (4) Search CVE
    1. Santricity Cloud Connector (1) Search CVE
      1. -
    2. Clustered Data Ontap (1) Search CVE
      1. -
    3. Storage Automation Store (1) Search CVE
      1. -
    4. Storagegrid (1) Search CVE
      1. -
  3. Apache (1) Search CVE
    1. Http Server (1) Search CVE
      1. 2.4.29

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2019-08-15 09:15
2019-02-19 11:29
2019-02-07 11:29
2018-10-04 10:29
2018-06-03 01:29
2018-04-18 16:05
2018-03-30 01:29
2018-03-29 01:29
2018-03-26 15:29

New CVE