| { |
| "CVE_data_meta": { |
| "ASSIGNER": "security@apache.org", |
| "ID": "CVE-2021-41524", |
| "STATE": "REVIEW", |
| "TITLE": "null pointer dereference in h2 fuzzing" |
| }, |
| "affects": { |
| "vendor": { |
| "vendor_data": [ |
| { |
| "product": { |
| "product_data": [ |
| { |
| "product_name": "Apache HTTP Server", |
| "version": { |
| "version_data": [ |
| { |
| "version_affected": "<=", |
| "version_value": "2.4.49" |
| } |
| ] |
| } |
| } |
| ] |
| }, |
| "vendor_name": "Apache Software Foundation" |
| } |
| ] |
| } |
| }, |
| "credit": [ |
| { |
| "lang": "eng", |
| "value": "Apache httpd team would like to thank LI ZHI XIN from NSFocus Security Team for reporting this issue." |
| } |
| ], |
| "data_format": "MITRE", |
| "data_type": "CVE", |
| "data_version": "4.0", |
| "description": { |
| "description_data": [ |
| { |
| "lang": "eng", |
| "value": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project." |
| } |
| ] |
| }, |
| "generator": { |
| "engine": "Vulnogram 0.0.9" |
| }, |
| "impact": [ |
| { |
| "other": "moderate" |
| } |
| ], |
| "problemtype": { |
| "problemtype_data": [ |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "CWE-476 NULL Pointer Dereference" |
| } |
| ] |
| } |
| ] |
| }, |
| "references": { |
| "reference_data": [ |
| { |
| "refsource": "CONFIRM" |
| } |
| ] |
| }, |
| "source": { |
| "discovery": "UNKNOWN" |
| }, |
| "timeline": [ |
| { |
| "lang": "eng", |
| "time": "2021-09-17", |
| "value": "reported by Gerald Lee" |
| }, |
| { |
| "lang": "eng", |
| "time": "2021-09-26", |
| "value": "fixed by r1893655 in 2.4.x" |
| }, |
| { |
| "lang": "eng", |
| "time": "2021-10-04", |
| "value": "2.4.50 released" |
| } |
| ], |
| "work_around": [ |
| { |
| "lang": "eng", |
| "value": "Disable the HTTP/2 protocol." |
| } |
| ] |
| } |