A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://www.openwall.com/lists/oss-security/2023/01/17/5
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 2162098]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:0852 https://access.redhat.com/errata/RHSA-2023:0852
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:0970 https://access.redhat.com/errata/RHSA-2023:0970
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2006-20001
This issue has been addressed in the following products:
  JBCS httpd 2.4.51.sp2
Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
This issue has been addressed in the following products:
  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8
Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354