Bug#989562: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#989562: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 07 Jun 2021 17:34:53 +0200
Message-id: <[🔎] 162308009369.8236.15439324376396289330.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 989562@bugs.debian.org

Source: apache2
Version: 2.4.47-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for apache2.

CVE-2021-31618[0]:
| httpd: NULL pointer dereference on specially crafted HTTP/2 request

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
[1] https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
[2] https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#989562: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
  - From: Yadd <yadd@debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug#989562 marked as pending in apache2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#989562: marked as done (apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Servicio de la flota
Next by Date: Bug#989562: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
Previous by thread: Servicio de la flota
Next by thread: Bug#989562: apache2: CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
Index(es):
- Date
- Thread