CVE-2017-7659
Published: 26 July 2017
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
Notes
Author | Note |
---|---|
mdeslaur | mod_http2 is not built in Ubuntu because it is considered experimental. |
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.4.26, 2.4.25-4)
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(no mod_http2 support)
|
|
yakkety |
Not vulnerable
(no mod_http2 support)
|
|
zesty |
Not vulnerable
(no mod_http2 support)
|