Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol.
This issue affects Apache HTTP Server: 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
The product calls free() twice on the same memory address.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.66 (including) | 2.4.66 (including) |
| Red Hat Hardened Images | RedHat | httpd-main-2.4.67-0.1.hum1 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | resolute | * |
| Apache2 | Ubuntu | upstream | * |