[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81051":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":16,"stars30d":16,"stars90d":15,"forks30d":15,"starsTrendScore":17,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":19,"fork":19,"defaultBranch":20,"hasWiki":21,"hasPages":19,"topics":22,"createdAt":10,"pushedAt":10,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":15,"starSnapshotCount":15,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},81051,"CVE-2026-23918","striga-ai\u002FCVE-2026-23918","striga-ai","Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.","",null,"Python",29,6,28,0,1,3,42.14,false,"master",true,[],"2026-06-12 04:01:31","# CVE-2026-23918\n\nDouble-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.\n\nAffected: httpd 2.4.66 with mod_http2 and multi-threaded MPM (event\u002Fworker).\nFixed in: 2.4.67.\n\nFound and reported by Bartlomiej Dmitruk ([striga.ai](https:\u002F\u002Fstriga.ai)) and Stanislaw Strzalkowski ([isec.pl](https:\u002F\u002Fisec.pl)).\n\nWriteup: https:\u002F\u002Fstriga.ai\u002Fresearch\u002Fapache-httpd-mod-http2-double-free\n\n## Requirements\n\n- Docker\n- Python 3\n\n## Usage\n\nBuild and start the vulnerable environment:\n\n```sh\ndocker build -t httpd-poc .\ndocker run -d --name httpd-poc --privileged -p 9443:443 httpd-poc\n```\n\nGet `system()` and scoreboard addresses:\n\n```sh\ndocker exec httpd-poc python3 \u002Fgetaddr.py 1\n```\n\nRun the exploit:\n\n```sh\npython3 poc.py --host localhost --port 9443 \\\n    --cmd 'date >> \u002Ftmp\u002Fwin' --workers 64 \\\n    --system \u003Csystem_addr> --scoreboard \u003Cscoreboard_addr>\n```\n\nVerify (execution is probabilistic, may take minutes 
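to hours):\n\n```sh\ndocker exec httpd-poc cat \u002Ftmp\u002Fwin\n```\n\n## Cleanup\n\n```sh\ndocker rm -f httpd-poc\n```\n","This project discloses a double-free vulnerability in the mod_http2 module of Apache httpd 2.4.66 that can lead to unauthenticated remote code execution. Its core function is to reproduce the vulnerability by building a specific environment, and it provides a Python-based exploit script for verifying and studying this security issue. Technically, the project relies on Docker to create a vulnerable service instance and uses a Python script to trigger the vulnerability and execute arbitrary commands. It is suited to network security researchers, penetration testers, and developers interested in web server security, for learning and testing the impact of such vulnerabilities and their remediation in a controlled environment.",2,"2026-06-11 04:03:19","CREATED_QUERY"]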