CVE-2017-7659

Published: 26 July 2017

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24 and 2.4.25 to dereference a NULL pointer and crash the server process.

Priority

Medium

CVSS 3 base score: 7.5

Status

| Package | Release | Status |
|---|---|---|
| apache2 (Launchpad, Ubuntu, Debian) | Upstream | Released (2.4.26, 2.4.25-4) |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (no mod_http2 support) |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (code not present) |

Notes

| Author | Note |
|---|---|
| mdeslaur | mod_http2 is not built in Ubuntu because it is considered experimental. |

References