INFSA-2025:14625: mod_http2 security update
Information about definition
Identificator: INFSA-2025:14625
Type: security
Release date: 2025-09-04 21:58:22 UTC
Information about package
The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.
Vulnerabilities description
- CVE-2025-49630
An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the mod_proxy_http2 module, which likely results in an Apache HTTP server crash or denial of service (DoS).
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-49630
|
no information | 7.5 | no information |
Updated packages
Preparing to download...