Severity: moderate
Affected versions: - Apache HTTP Server 2.4.17 through 2.4.63 Description: Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue. Credit: Gal Bar Nahum (finder) References: https://httpd.apache.org/security/vulnerabilities_24.html https://httpd.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-53020 Timeline: 2025-06-18: reported 2025-06-19: fix developed 2025-07-07: 2.4.x revision 1927046 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org