Unrated severityNVD Advisory· Published Jul 1, 2024· Updated Feb 13, 2025
Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
CVE-2024-36387
Description
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Affected products
18- osv-coords17 versionspkg:bitnami/apachepkg:rpm/almalinux/mod_http2pkg:rpm/opensuse/apache2-devel&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/apache2-event&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2-manual&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2-prefork&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2-utils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/apache2-worker&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/apache2-devel&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/apache2-event&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/apache2-prefork&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/apache2-utils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6pkg:rpm/suse/apache2-worker&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
>= 2.4.55, < 2.4.60+ 16 more
- (no CPE)range: >= 2.4.55, < 2.4.60
- (no CPE)range: < 2.0.26-2.el9_4.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.61-1.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- (no CPE)range: < 2.4.58-150600.5.18.1
- Apache Software Foundation/Apache HTTP Serverv5Range: 2.4.55
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- httpd.apache.org/security/vulnerabilities_24.htmlmitrevendor-advisory
- security.netapp.com/advisory/ntap-20240712-0001/mitre
News mentions
0No linked articles in our index yet.