Apache HTTP Server Use After Free Vulnerability (CVE-2017-9789)

Description

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

Remediation

References

CVE-2017-9789

Related Vulnerabilities

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-28333)

Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3)

OpenSSL Resource Management Errors Vulnerability (CVE-2006-2937)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10352)

phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)

Severity

High

Classification

CVE-2017-9789 CWE-416 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H