ALPINE-CVE-2026-34355

Source
https://security.alpinelinux.org/vuln/CVE-2026-34355
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-34355.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-34355
Upstream
  • CVE-2026-34355
Published
2026-06-08T16:16:38.387Z
Modified
2026-07-06T17:30:05.029021280Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

References

Affected packages

Alpine:v3.21 / apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.68-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-34355.json"

Alpine:v3.22 / apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.68-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-34355.json"

Alpine:v3.23 / apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.68-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-34355.json"

Alpine:v3.24 / apache2

Package

Name
apache2
Purl
pkg:apk/alpine/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.68-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-34355.json"