CVE-2017-9789

Summary

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP Server2.4.26affected

Weaknesses

  • Read after free in mod_http2

ADP Enrichment

CVE Program Container

Additional References

References