Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-9789

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

See the

CVE page on Mitre.org for more details.

References

MLIST: [announce] 20170713 CV...
CONFIRM: https://httpd.apache.o...
BID: 99568
SECTRACK: 1038907
GENTOO: GLSA-201710-32
CONFIRM: https://security.netap...
CONFIRM: https://support.apple....
CONFIRM: https://support.hpe.co...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210603 s...
MLIST: [httpd-cvs] 20210606 s...
MLIST: [httpd-cvs] 20210606 s...

Launchpad.net

CVE 2017-9789

Related bugs

References