It was found in httpd that a maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. External References: https://httpd.apache.org/security/vulnerabilities_24.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1463208]
Upstream commit (trunk): https://github.com/apache/httpd/commit/672187c168b94b562d8065e08e2cad5b00cdd0e3 Backported to 2.4 as part of a larger commit with other changes: https://github.com/apache/httpd/commit/bc6ad1ef31f2c9e8f5eb453293a4b9caceaa191d
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2483