CVE-2017-7659

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7659
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7659.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7659
Downstream
Related
Published
2017-07-26T21:29:00.237Z
Modified
2026-04-02T00:15:55.309252Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
68efa7025a071be93c7e755839529ac6bd984d56
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
954dfbe8a95dac3b93e12761f65754104f1696ea
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.24"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.25"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.3
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
2.*
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.5
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.6
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.7
2.0.8
2.0.9
2.1.1
2.1.10
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.26
2.2.27
2.2.28
2.2.29
2.2.3
2.2.30
2.2.31
2.2.32
2.2.33
2.2.34
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.17
2.4.18
2.4.19
2.4.2
2.4.20
2.4.21
2.4.22
2.4.23
2.4.24
2.4.25
2.4.26
2.4.27
2.4.28
2.4.29
2.4.3
2.4.30
2.4.31
2.4.32
2.4.33
2.4.34
2.4.35
2.4.36
2.4.37
2.4.38
2.4.39
2.4.4
2.4.40
2.4.41
2.4.42
2.4.43
2.4.44
2.4.45
2.4.46
2.4.47
2.4.48
2.4.49
2.4.5
2.4.50
2.4.51
2.4.52
2.4.53
2.4.53-rc1-candidate
2.4.53-rc2-candidate
2.4.54
2.4.54-rc1-candidate
2.4.54-rc2-candidate
2.4.54-rc3-candidate
2.4.55
2.4.55-rc1-candidate
2.4.56
2.4.56-candidate
2.4.56-rc1-candidate
2.4.57
2.4.57-rc1-candidate
2.4.58
2.4.58-rc1-candidate
2.4.58-rc2-candidate
2.4.58-rc3-candidate
2.4.59
2.4.59-rc1-candidate
2.4.6
2.4.60
2.4.60-rc1-candidate
2.4.60-rc2-candidate
2.4.60-rc3-candidate
2.4.60-rc4-candidate
2.4.61
2.4.61-rc1-candidate
2.4.62
2.4.62-rc1-candidate
2.4.63
2.4.63-candidate
2.4.64
2.4.64-rc1-candidate
2.4.64-rc2-candidate
2.4.65
2.4.65-rc1-candidate
2.4.65-rc2-candidate
2.4.65-rc3-candidate
2.4.66
2.4.66-rc1-candidate
2.4.7
2.4.8
2.4.9
2.5.0-alpha
2.5.0-alpha2-ci-test-only
Other
AGB_BEFORE_AAA_CHANGES
APACHE_1_2b1
APACHE_1_2b10
APACHE_1_2b11
APACHE_1_2b2
APACHE_1_2b3
APACHE_1_2b4
APACHE_1_2b5
APACHE_1_2b6
APACHE_1_2b7
APACHE_1_2b8
APACHE_1_2b9
APACHE_1_3_PRE_NT
APACHE_1_3a1
APACHE_1_3b1
APACHE_1_3b2
APACHE_1_3b3
APACHE_1_3b5
APACHE_1_3b6
APACHE_1_3b7
APACHE_2_0_2001_02_09
APACHE_2_0_52_WROWE_RC1
APACHE_2_0_ALPHA
APACHE_2_0_ALPHA_2
APACHE_2_0_ALPHA_3
APACHE_2_0_ALPHA_4
APACHE_2_0_ALPHA_5
APACHE_2_0_ALPHA_6
APACHE_2_0_ALPHA_7
APACHE_2_0_ALPHA_8
APACHE_2_0_ALPHA_9
APACHE_2_0_BETA_CANDIDATE_1
APACHE_BIG_SYMBOL_RENAME_POST
APACHE_BIG_SYMBOL_RENAME_PRE
CHANGES
HTTPD_LDAP_1_0_0
INITIAL
MOD_SSL_2_8_3
PCRE_3_9
POST_APR_SPLIT
PRE_APR_CHANGES
STRIKER_2_0_51_RC1
STRIKER_2_0_51_RC2
STRIKER_2_1_0_RC1
WROWE_2_0_43_PRE1
apache-1_3-merge-1-post
apache-1_3-merge-1-pre
apache-1_3-merge-2-post
apache-1_3-merge-2-pre
apache-apr-merge-3
apache-doc-split-01
dg_last_1_2_doc_merge
djg-apache-nspr-07
djg_nspr_split
moving_to_httpd_module
mpm-3
mpm-merge-1
mpm-merge-2
post_ajp_proxy
pre_ajp_proxy
candidate-2.*
candidate-2.4.49
candidate-2.4.49-rc1
candidate-2.4.50-rc1
candidate-2.4.51-rc1
candidate-2.4.52-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7659.json"