In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.4.33 (including) | 2.4.33 (including) |
Http_server | Apache | 2.4.34 (including) | 2.4.34 (including) |
Http_server | Apache | 2.4.35 (including) | 2.4.35 (including) |
Http_server | Apache | 2.4.37 (including) | 2.4.37 (including) |
Http_server | Apache | 2.4.38 (including) | 2.4.38 (including) |