FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_http2 -- Multiple vulnerabilities

Affected packages
mod_http2 < 2.0.33

Details

VuXML ID 61d74f80-5e9e-11f0-8baa-8447094a420f
Discovery 2025-07-10
Entry 2025-07-11

The mod_http2 project reports:

a client can increase memory consumption for a HTTP/2 connection via repeated request header names,leading to denial of service

certain proxy configurations whith mod_proxy_http2 as the backend, an assertion can be triggered by certain requests, leading to denial of service

References

CVE Name CVE-2025-49630
CVE Name CVE-2025-53020
URL https://github.com/icing/mod_h2/releases/tag/v2.0.33