oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase

From: Eric Covener <covener () apache org>
Date: Thu, 10 Jul 2025 17:14:24 +0000
Severity: moderate 

Affected versions:

- Apache HTTP Server 2.4.17 through 2.4.63

Description:

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Credit:

Gal Bar Nahum (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-53020

Timeline:

2025-06-18: reported
2025-06-19: fix developed
2025-07-07: 2.4.x revision 1927046
Previous By Date Next
Previous By Thread Next

Current thread: