VulnerableCode Package Details - pkg:apk/alpine/apache2@2.4.26-r0?arch=riscv64&distroversion=v3.20&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1189-ej89-hybs	mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.	CVE-2017-3169
VCID-fyrq-yg2u-jkc7	mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.	CVE-2017-7679
VCID-qayj-kts9-3fde	Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.	CVE-2017-3167
VCID-twj7-4qwm-2khv	The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.	CVE-2017-7668
VCID-wshe-gf99-tbg6	A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.	CVE-2017-7659

Vulnerability

Summary

Aliases

VCID-1189-ej89-hybs

mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

CVE-2017-3169

VCID-fyrq-yg2u-jkc7

mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

CVE-2017-7679

VCID-qayj-kts9-3fde

Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.

CVE-2017-3167

VCID-twj7-4qwm-2khv

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.

CVE-2017-7668

VCID-wshe-gf99-tbg6

A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.

CVE-2017-7659

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:57:17.893459+00:00	Alpine Linux Importer	Fixing	VCID-qayj-kts9-3fde	https://secdb.alpinelinux.org/v3.20/main.json	38.1.0
2026-04-06T04:54:18.499151+00:00	Alpine Linux Importer	Fixing	VCID-1189-ej89-hybs	https://secdb.alpinelinux.org/v3.20/main.json	38.1.0
2026-04-03T17:58:05.917142+00:00	Alpine Linux Importer	Fixing	VCID-twj7-4qwm-2khv	https://secdb.alpinelinux.org/v3.20/main.json	38.1.0
2026-04-01T19:18:59.740705+00:00	Alpine Linux Importer	Fixing	VCID-wshe-gf99-tbg6	https://secdb.alpinelinux.org/v3.20/main.json	38.0.0
2026-04-01T18:48:01.218143+00:00	Alpine Linux Importer	Fixing	VCID-fyrq-yg2u-jkc7	https://secdb.alpinelinux.org/v3.20/main.json	38.0.0