CVE-2025-53020

Опубликовано: 10 июл. 2025

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.

A memory exhaustion flaw has been discovered in the Apache HTTP server. In some instances, the Apache HTTP server fails to free memory. Given sufficient time, this may lead to the host operating system killing the web server in order to reclaim memory.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	httpd	Fix deferred
Red Hat Enterprise Linux 6	httpd	Not affected
Red Hat Enterprise Linux 7	httpd	Not affected
Red Hat Enterprise Linux 8	httpd:2.4/httpd	Fix deferred
Red Hat Enterprise Linux 9	httpd	Fix deferred
Red Hat JBoss Core Services	httpd	Fix deferred
Red Hat JBoss Core Services	jbcs-httpd24-httpd	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-401

https://bugzilla.redhat.com/show_bug.cgi?id=2379343httpd: Apache HTTP Server Memory Exhaustion

EPSS

Процентиль: 55%

0.00327

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2025-53020

CVSS3: 7.5

ubuntu

26 дней назад

CVE-2025-53020

CVSS3: 7.5

nvd

26 дней назад

CVE-2025-53020

CVSS3: 7.5

msrc

20 дней назад

Описание отсутствует

CVE-2025-53020

CVSS3: 7.5

debian

26 дней назад

Late Release of Memory after Effective Lifetime vulnerability in Apach ...

GHSA-c2vf-6g7v-8m6c

CVSS3: 7.5

github

26 дней назад

EPSS

Процентиль: 55%

0.00327

Низкий

5.3 Medium

CVSS3