Main Vulnerability Database SB20260522122

SB20260522122 - openEuler 24.03 LTS SP1 update for httpd

Published: May 22, 2026

Security Bulletin ID SB20260522122

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2026-34032)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper null termination leading to an out-of-bounds read in mod_proxy_ajp ajp_msg_get_string when parsing AJP string data. A remote attacker can send a specially crafted AJP message to disclose sensitive information.

Exploitation requires Apache HTTP Server to connect to an untrusted or compromised AJP backend server.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2399

SB20260522122 - openEuler 24.03 LTS SP1 update for httpd

Breakdown by Severity

Description

Remediation

References

Please verify you're human