mod_http2 vulnerabilities

Known vulnerabilities in the mod_http2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
H CVE-2024-38476	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H Improper Encoding or Escaping of Output	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H NULL Pointer Dereference	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H Improper Encoding or Escaping of Output	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H Improper Input Validation	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H Improper Encoding or Escaping of Output	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
M CVE-2023-38709	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
M Improper Resource Shutdown or Release	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
M Out-of-bounds Read	<0:1.15.7-10.module+el8.10.0+90327+96b8ea28
H Allocation of Resources Without Limits or Throttling	<0:1.15.7-8.module+el8.9.0+90299+1db10a42.5
M HTTP Request Smuggling	<0:1.15.7-8.module+el8.8.0+21057+13668aee.3
H HTTP Request Smuggling	<0:1.15.7-5.module+el8.7.0+21029+de29ba63.4
M HTTP Request Smuggling	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Out-of-bounds Write	<0:1.15.7-5.module+el8.6.0+20548+01710940
M HTTP Response Splitting	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Integer Overflow or Wraparound	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Improper Initialization	<0:1.15.7-5.module+el8.6.0+20548+01710940
M CVE-2022-30556	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Out-of-bounds Write	<0:1.15.7-5.module+el8.6.0+20548+01710940
M HTTP Request Smuggling	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Integer Overflow or Wraparound	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Allocation of Resources Without Limits or Throttling	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Allocation of Resources Without Limits or Throttling	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Integer Overflow or Wraparound	<0:1.15.7-5.module+el8.6.0+20548+01710940
H Insufficient Verification of Data Authenticity	<0:1.15.7-5.module+el8.6.0+20548+01710940
L NULL Pointer Dereference	<0:1.15.7-5.module+el8.6.0+20548+01710940
M NULL Pointer Dereference	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Out-of-bounds Write	<0:1.15.7-5.module+el8.6.0+20548+01710940
M Out-of-bounds Read	<0:1.15.7-5.module+el8.6.0+20548+01710940
M CVE-2021-33193	<0:1.15.7-5.module+el8.6.0+20548+01710940
H HTTP Request Smuggling	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Out-of-bounds Write	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Out-of-bounds Write	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H NULL Pointer Dereference	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Out-of-bounds Write	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
M CVE-2021-30641	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H NULL Pointer Dereference	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Server-Side Request Forgery (SSRF)	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Out-of-bounds Write	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
M HTTP Request Smuggling	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
M Buffer Overflow	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
M Use After Free	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Cross-site Scripting (XSS)	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M NULL Pointer Dereference	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Use After Free	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Out-of-bounds Write	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Resource Exhaustion	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M HTTP Request Smuggling	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Open Redirect	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Open Redirect	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
M Use of Uninitialized Resource	<0:1.15.7-2.module+el8.3.0+7816+49791cfd
H HTTP Request Smuggling	<0:1.11.3-3.module+el8.2.0+7789+dac765eb.1
M Session Fixation	<0:1.15.7-3.module+el8.4.0+20024+b87b2deb
H Allocation of Resources Without Limits or Throttling	<0:1.11.3-3.module+el8.0.0+5348+de75177e
M Race Condition	<0:1.11.3-3.module+el8.1.0+5385+dcd9ff33
M Use of Incorrectly-Resolved Name or Reference	<0:1.11.3-3.module+el8.1.0+5385+dcd9ff33
H Use After Free	<0:1.11.3-2.module+el8.0.0+5209+a98d70d6
H CVE-2019-0215	<0:1.11.3-2.module+el8.0.0+5209+a98d70d6

Vulnerability

Vulnerable Version

CVE-2024-38476

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

NULL Pointer Dereference

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Improper Input Validation

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Improper Encoding or Escaping of Output

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

CVE-2023-38709

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Improper Resource Shutdown or Release

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Out-of-bounds Read

<0:1.15.7-10.module+el8.10.0+90327+96b8ea28

Allocation of Resources Without Limits or Throttling

<0:1.15.7-8.module+el8.9.0+90299+1db10a42.5

HTTP Request Smuggling

<0:1.15.7-8.module+el8.8.0+21057+13668aee.3

HTTP Request Smuggling

<0:1.15.7-5.module+el8.7.0+21029+de29ba63.4

HTTP Request Smuggling