2295016 – (CVE-2024-38477) CVE-2024-38477 httpd: null pointer dereference in mod_proxy

Bug 2295016 (CVE-2024-38477) - CVE-2024-38477 httpd: null pointer dereference in mod_proxy

Summary: CVE-2024-38477 httpd: null pointer dereference in mod_proxy

Keywords:
Status:	NEW
Alias:	CVE-2024-38477
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2295107
Blocks:
TreeView+	depends on / blocked

Reported:	2024-07-01 19:22 UTC by OSIDB Bzimport
Modified:	2024-07-05 17:58 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the mod_proxy module of httpd. A NULL pointer dereference can be triggered when processing a specially crafted HTTP request, causing the httpd server to crash, resulting in a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-07-01 19:22:34 UTC

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Note You need to log in before you can comment on or make changes to this bug.