1. Home
  2. CVE Database
  3. CVE-2018-1302
MEDIUM · 5.9

CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maint...

Vulnerability Description

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
ApacheHttp Server<= 2.4.29
CanonicalUbuntu Linux18.04
NetappClustered Data Ontap-
NetappSantricity Cloud Connector-
NetappStorage Automation Store-
NetappStoragegrid-

Related Weaknesses (CWE)

CWE-476

References

FAQ

What is CVE-2018-1302?

CVE-2018-1302 is a vulnerability with a CVSS score of 5.9 (MEDIUM). When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maint...

How severe is CVE-2018-1302?

CVE-2018-1302 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1302?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Canonical Ubuntu Linux, Netapp Clustered Data Ontap, Netapp Santricity Cloud Connector, Netapp Storage Automation Store.