CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Published: Jul 1, 2024
Updated: Jul 2, 2024
CVE: CVE-2024-36387
Exploit:

No technical information available.

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
apache / http_server	2.4.55	2.4.59.x
netapp / ontap	9	9.x

http://www.openwall.com/lists/oss-security/2024/07/01/4
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20240712-0001/

Vulnerability Database

CVE-2024-36387