content/security/json/CVE-2021-41524.json - httpd-site - Git at Google

 {
   "CVE_data_meta": {
     "ASSIGNER": "security@apache.org",
     "ID": "CVE-2021-41524",
     "STATE": "REVIEW",
     "TITLE": "null pointer dereference in h2 fuzzing"
   },
   "affects": {
     "vendor": {
       "vendor_data": [
         {
           "product": {
             "product_data": [
               {
                 "product_name": "Apache HTTP Server",
                 "version": {
                   "version_data": [
                     {
                       "version_affected": "<=",
                       "version_value": "2.4.49"
                     }
                   ]
                 }
               }
             ]
           },
           "vendor_name": "Apache Software Foundation"
         }
       ]
     }
   },
   "credit": [
     {
       "lang": "eng",
       "value": "Apache httpd team would like to thank LI ZHI XIN from NSFocus Security Team for reporting this issue."
     }
   ],
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
     "description_data": [
       {
         "lang": "eng",
         "value": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project."
       }
     ]
   },
   "generator": {
     "engine": "Vulnogram 0.0.9"
   },
   "impact": [
     {
       "other": "moderate"
     }
   ],
   "problemtype": {
     "problemtype_data": [
       {
         "description": [
           {
             "lang": "eng",
             "value": "CWE-476 NULL Pointer Dereference"
           }
         ]
       }
     ]
   },
   "references": {
     "reference_data": [
       {
         "refsource": "CONFIRM"
       }
     ]
   },
   "source": {
     "discovery": "UNKNOWN"
   },
   "timeline": [
     {
       "lang": "eng",
       "time": "2021-09-17",
       "value": "reported by Gerald Lee"
     },
     {
       "lang": "eng",
       "time": "2021-09-26",
       "value": "fixed by r1893655 in 2.4.x"
     },
     {
       "lang": "eng",
       "time": "2021-10-04",
       "value": "2.4.50 released"
     }
   ],
   "work_around": [
     {
       "lang": "eng",
       "value": "Disable the HTTP/2 protocol."
     }
   ]
 }
	{
	"CVE_data_meta": {
	"ASSIGNER": "security@apache.org",
	"ID": "CVE-2021-41524",
	"STATE": "REVIEW",
	"TITLE": "null pointer dereference in h2 fuzzing"
	},
	"affects": {
	"vendor": {
	"vendor_data": [
	{
	"product": {
	"product_data": [
	{
	"product_name": "Apache HTTP Server",
	"version": {
	"version_data": [
	{
	"version_affected": "<=",
	"version_value": "2.4.49"
	}
	]
	}
	}
	]
	},
	"vendor_name": "Apache Software Foundation"
	}
	]
	}
	},
	"credit": [
	{
	"lang": "eng",
	"value": "Apache httpd team would like to thank LI ZHI XIN from NSFocus Security Team for reporting this issue."
	}
	],
	"data_format": "MITRE",
	"data_type": "CVE",
	"data_version": "4.0",
	"description": {
	"description_data": [
	{
	"lang": "eng",
	"value": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project."
	}
	]
	},
	"generator": {
	"engine": "Vulnogram 0.0.9"
	},
	"impact": [
	{
	"other": "moderate"
	}
	],
	"problemtype": {
	"problemtype_data": [
	{
	"description": [
	{
	"lang": "eng",
	"value": "CWE-476 NULL Pointer Dereference"
	}
	]
	}
	]
	},
	"references": {
	"reference_data": [
	{
	"refsource": "CONFIRM"
	}
	]
	},
	"source": {
	"discovery": "UNKNOWN"
	},
	"timeline": [
	{
	"lang": "eng",
	"time": "2021-09-17",
	"value": "reported by Gerald Lee"
	},
	{
	"lang": "eng",
	"time": "2021-09-26",
	"value": "fixed by r1893655 in 2.4.x"
	},
	{
	"lang": "eng",
	"time": "2021-10-04",
	"value": "2.4.50 released"
	}
	],
	"work_around": [
	{
	"lang": "eng",
	"value": "Disable the HTTP/2 protocol."
	}
	]
	}