Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2021-31618

Published: 15 June 2021

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

Notes

AuthorNote
mdeslaur
per upstream advisory, "This issue affected mod_http2 1.15.17
and Apache HTTP Server version 2.4.47 only. Apache HTTP Server
2.4.47 was never released."
seems introduced by:
https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4

Not sure the Debian patch in 2.4.46-5 is right, need to
investigate

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
bionic Not vulnerable

impish Not vulnerable

jammy Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

trusty Not vulnerable

upstream
Released (2.4.46-5)
xenial Not vulnerable

Patches:
upstream: https://github.com/apache/httpd/commit/f990e5ecad40b100a8a5c7c1033c46044a9cb244
upstream: http://svn.apache.org/viewvc?view=revision&revision=1889759
upstream: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H