CVE-2018-1302

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1302
Downstream
Related
Published
2018-03-26T15:29:00.477Z
Modified
2026-04-02T00:39:38.151986Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a168e4e5bab311688e66564ad230f32818adbacc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.29"
        }
    ]
}

Affected versions

1.*
1.2.0
1.2.1
1.2.2
1.3
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
2.*
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.5
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.6
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.7
2.0.8
2.0.9
2.1.1
2.1.10
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.26
2.2.27
2.2.28
2.2.29
2.2.3
2.2.30
2.2.31
2.2.32
2.2.33
2.2.34
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.17
2.4.18
2.4.19
2.4.2
2.4.20
2.4.21
2.4.22
2.4.23
2.4.24
2.4.25
2.4.26
2.4.27
2.4.28
2.4.29
2.4.3
2.4.30
2.4.31
2.4.32
2.4.33
2.4.34
2.4.35
2.4.36
2.4.37
2.4.38
2.4.39
2.4.4
2.4.40
2.4.41
2.4.42
2.4.43
2.4.44
2.4.45
2.4.46
2.4.47
2.4.48
2.4.49
2.4.5
2.4.50
2.4.51
2.4.52
2.4.53
2.4.53-rc1-candidate
2.4.53-rc2-candidate
2.4.54
2.4.54-rc1-candidate
2.4.54-rc2-candidate
2.4.54-rc3-candidate
2.4.55
2.4.55-rc1-candidate
2.4.56
2.4.56-candidate
2.4.56-rc1-candidate
2.4.57
2.4.57-rc1-candidate
2.4.58
2.4.58-rc1-candidate
2.4.58-rc2-candidate
2.4.58-rc3-candidate
2.4.59
2.4.59-rc1-candidate
2.4.6
2.4.60
2.4.60-rc1-candidate
2.4.60-rc2-candidate
2.4.60-rc3-candidate
2.4.60-rc4-candidate
2.4.61
2.4.61-rc1-candidate
2.4.62
2.4.62-rc1-candidate
2.4.63
2.4.63-candidate
2.4.64
2.4.64-rc1-candidate
2.4.64-rc2-candidate
2.4.65
2.4.65-rc1-candidate
2.4.65-rc2-candidate
2.4.65-rc3-candidate
2.4.66
2.4.66-rc1-candidate
2.4.7
2.4.8
2.4.9
2.5.0-alpha
2.5.0-alpha2-ci-test-only
Other
AGB_BEFORE_AAA_CHANGES
APACHE_1_2b1
APACHE_1_2b10
APACHE_1_2b11
APACHE_1_2b2
APACHE_1_2b3
APACHE_1_2b4
APACHE_1_2b5
APACHE_1_2b6
APACHE_1_2b7
APACHE_1_2b8
APACHE_1_2b9
APACHE_1_3_PRE_NT
APACHE_1_3a1
APACHE_1_3b1
APACHE_1_3b2
APACHE_1_3b3
APACHE_1_3b5
APACHE_1_3b6
APACHE_1_3b7
APACHE_2_0_2001_02_09
APACHE_2_0_52_WROWE_RC1
APACHE_2_0_ALPHA
APACHE_2_0_ALPHA_2
APACHE_2_0_ALPHA_3
APACHE_2_0_ALPHA_4
APACHE_2_0_ALPHA_5
APACHE_2_0_ALPHA_6
APACHE_2_0_ALPHA_7
APACHE_2_0_ALPHA_8
APACHE_2_0_ALPHA_9
APACHE_2_0_BETA_CANDIDATE_1
APACHE_BIG_SYMBOL_RENAME_POST
APACHE_BIG_SYMBOL_RENAME_PRE
CHANGES
HTTPD_LDAP_1_0_0
INITIAL
MOD_SSL_2_8_3
PCRE_3_9
POST_APR_SPLIT
PRE_APR_CHANGES
STRIKER_2_0_51_RC1
STRIKER_2_0_51_RC2
STRIKER_2_1_0_RC1
WROWE_2_0_43_PRE1
apache-1_3-merge-1-post
apache-1_3-merge-1-pre
apache-1_3-merge-2-post
apache-1_3-merge-2-pre
apache-apr-merge-3
apache-doc-split-01
dg_last_1_2_doc_merge
djg-apache-nspr-07
djg_nspr_split
moving_to_httpd_module
mpm-3
mpm-merge-1
mpm-merge-2
post_ajp_proxy
pre_ajp_proxy
candidate-2.*
candidate-2.4.49
candidate-2.4.49-rc1
candidate-2.4.50-rc1
candidate-2.4.51-rc1
candidate-2.4.52-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1302.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]