{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-31618","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","dateUpdated":"2024-08-03T23:03:33.651Z","dateReserved":"2021-04-23T00:00:00.000Z","datePublished":"2021-06-15T00:00:00.000Z"},"containers":{"cna":{"title":"NULL pointer dereference on specially crafted HTTP/2 request","providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2024-05-01T17:10:59.750Z"},"descriptions":[{"lang":"en","value":"The Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions, an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, reliably crashing the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. 
Apache HTTP Server 2.4.47 was never released."}],"affected":[{"vendor":"Apache Software Foundation","product":"Apache HTTP Server","versions":[{"version":"2.4.47","status":"affected"}]}],"references":[{"url":"http://httpd.apache.org/security/vulnerabilities_24.html"},{"name":"[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"url":"https://seclists.org/oss-sec/2021/q2/206"},{"name":"[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"name":"[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_24.html","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"},{"name":"FEDORA-2021-051639aad4","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"name":"FEDORA-2021-181f29c392","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"name":"[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security 
update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"name":"DSA-4937","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2021/dsa-4937"},{"name":"GLSA-202107-38","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202107-38"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://security.netapp.com/advisory/ntap-20210727-0008/"},{"name":"[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"}],"credits":[{"lang":"en","value":"Apache HTTP server would like to thank  LI ZHI XIN from NSFocus for reporting this."}],"metrics":[{"other":{"type":"unknown","content":{"other":"important"}}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-476 NULL Pointer Dereference","cweId":"CWE-476"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"UNKNOWN"},"workarounds":[{"lang":"en","value":"On unpatched servers, the `h2` protocol can be disabled by removing it from the `Protocols` configuration. 
If the `h2` protocol is not enabled, the server is not affected by this vulnerability."}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-31618","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-20T16:18:33.082195Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:12:39.340Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T23:03:33.651Z"},"title":"CVE Program Container","references":[{"url":"http://httpd.apache.org/security/vulnerabilities_24.html","tags":["x_transferred"]},{"name":"[oss-security] 20210609 CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"url":"https://seclists.org/oss-sec/2021/q2/206","tags":["x_transferred"]},{"name":"[httpd-cvs] 20210615 svn commit: r1890801 - /httpd/site/trunk/content/security/json/CVE-2021-31618.json","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"name":"[httpd-cvs] 20210615 svn commit: r1075782 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json 
security/vulnerabilities_24.html","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"},{"name":"FEDORA-2021-051639aad4","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"name":"FEDORA-2021-181f29c392","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"name":"[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"name":"DSA-4937","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-4937"},{"name":"GLSA-202107-38","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202107-38"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20210727-0008/","tags":["x_transferred"]},{"name":"[oss-security] 20240313 Re: CVE-2021-31618: Apache httpd: NULL pointer dereference on specially crafted HTTP/2 request","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"}]}]}}