Severity: moderate 

Affected versions:

- Apache HTTP Server 2.4.17 through 2.4.63

Description:

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP 
Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

Credit:

Gal Bar Nahum (finder)

References:

https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-53020

Timeline:

2025-06-18: reported
2025-06-19: fix developed
2025-07-07: 2.4.x revision 1927046


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to