CVE-2018-1302
5.9
MEDIUM
CVSS 3.1
EPSS 12.1%
Description
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer, potentially to already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations. The reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
How to fix CVE-2018-1302
To remediate CVE-2018-1302, upgrade the affected package to a fixed version below.
- upgrade to 2.4.33-r0 or later
- upgrade to 2.4.33-1 or later
Is CVE-2018-1302 being exploited?
Moderate: EPSS is 12.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 2.4.33-r0
- from 0, < 2.4.33-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |