Elhanan Haenel

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.68 **Description** A buffer overflow occurs in the `mod proxy html` module, which can be triggered by an untrusted backend. **Recommendations** Upgrade to version 2.4.68.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.67 **Description** A buffer over-read issue exists in the `mod proxy ajp` module, specifically within the `ajp parse data()` function. This flaw can lead to a heap over-read and memory disclosure, potentially exposing sensitive memory data. A buffer over-read occurs when a program reads more data from a buffer than it is intended to, which can lead to the leakage of adjacent memory contents. **Recommendations** Upgrade to version 2.4.67. Limit exposure and monitor for abnormal requests.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.67 **Description** A heap-based buffer overflow exists in the `mod proxy ajp` module. If `mod proxy ajp` connects to a malicious AJP server, that server can send a crafted AJP message causing the system to write four attacker-controlled bytes beyond the end of a heap-based buffer, leading to memory corruption. **Recommendations** Upgrade to version 2.4.67.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** A flaw exists in the RAR5 archive decompression logic within the `archive read data()` processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the decompression routine to enter a state preventing progress, resulting in an infinite loop that continuously consumes CPU resources. The archive appears structurally valid and passes checksum validation, making detection difficult for affected applications before processing. This can lead to persistent denial-of-service conditions in services that automatically process archives. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libarchive (affected versions not specified) **Description** An issue exists in libarchive’s zisofs decompression logic. Improper validation of the `pz log2 bs` field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker can exploit this by providing a specially crafted ISO file. This can result in incorrect memory allocation and potential application crashes, leading to a denial-of-service (DoS) condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.67 **Description** An out-of-bounds read issue exists in the `mod proxy ajp` module of Apache HTTP Server, specifically within AJP getter functions. This flaw allows a remote attacker to read memory outside the intended range, which could lead to the disclosure of sensitive information. **Recommendations** Upgrade to version 2.4.67.