{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.63", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Gal Bar Nahum" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.

This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.

Users are recommended to upgrade to version 2.4.64, which fixes the issue.

" } ], "value": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09" }, "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2025-06-18T09:19:00.000Z", "value": "reported" }, { "lang": "en", "time": "2025-06-19T09:20:00.000Z", "value": "fix developed" }, { "lang": "eng", "time": "2025-07-10", "value": "2.4.64 released" } ], "title": "Apache HTTP Server: HTTP/2 DoS by Memory Increase", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "cveId": "CVE-2025-53020", "serial": 1, "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }