7.5

CVE-2026-49975

Medienbericht
Exploit

Apache HTTP Server: mod_http2 denial of service

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.

This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.4.17 < 2.4.68
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.47% 0.955
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

CWE-789 Memory Allocation with Excessive Size Value

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
18.06.2026 18:21
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/06/03/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/06/08/16
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=2485371
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49975.json
https://access.redhat.com/errata/RHSA-2026:27200
https://access.redhat.com/errata/RHSA-2026:27201
https://access.redhat.com/errata/RHSA-2026:36373
https://access.redhat.com/errata/RHSA-2026:25042
https://access.redhat.com/errata/RHSA-2026:25057
https://access.redhat.com/errata/RHSA-2026:25090
https://access.redhat.com/errata/RHSA-2026:25225
https://access.redhat.com/errata/RHSA-2026:27114
https://access.redhat.com/security/cve/CVE-2026-49975
https://github.com/EQSTLab/CVE-2026-49975
Third Party Advisory
Exploit
https://access.redhat.com/errata/RHSA-2026:36831
https://access.redhat.com/errata/RHSA-2026:36846