CVE-2024-36387

CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-476

Published July 1, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

Key dates

Disclosure timeline

July 1, 2024 CVE published

February 13, 2025 Record updated