Arkadi Vainbrand

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.0 through 2.4.67 **Description** A heap-based buffer overflow occurs when interacting with malicious backend servers using `ProxyPassReverseCookie*`. A heap-based buffer overflow is a memory corruption issue where data exceeds the allocated boundary of a buffer on the heap, potentially leading to crashes or arbitrary code execution. **Recommendations** Upgrade to version 2.4.68.

**Name of the Vulnerable Software and Affected Versions** curl (affected versions not specified) **Description** A flaw exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is performed in clear-text via IMAP, SMTP, or POP3, a subsequent request to the same host bypasses the TLS requirement and transmits data unencrypted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.67 **Description** A NULL pointer dereference in the mod authn socache module allows an unauthenticated remote user to crash a child process when a caching forward proxy configuration is used. A NULL pointer dereference occurs when a program attempts to read or write to a memory address that is NULL, typically leading to a program crash. **Recommendations** Upgrade to version 2.4.67.