[<prev] [next>] [day] [month] [year] [list]
Message-ID: <c4c20eda-17a2-0159-5dcd-6c39f25279d5@apache.org>
Date: Mon, 04 May 2026 11:50:24 +0000
From: Eric Covener <covener@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-34032: Apache HTTP Server: mod_proxy_ajp: Heap Buffer
Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)
Severity: low
Affected versions:
- Apache HTTP Server through 2.4.66
Description:
Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.
This issue affects Apache HTTP Server: through 2.4.66.
Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Credit:
Tianshuo Han (<hantianshuo233@...il.com>) (finder)
Jérôme Djouder (finder)
References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-34032
Timeline:
2026-03-01: Report received
2026-05-04: fixed in 2.4.x by r1933343
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
