A NULL pointer dereference flaw was found in the mod_http2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request.
bugzilla.redhat.com/show_bug.cgi?id=1463199
httpd.apache.org/security/vulnerabilities_24.html