{"id":"DEBIAN-CVE-2026-29168","details":"Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data.  This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66.  Users are recommended to upgrade to version 2.4.67, which fixes the issue.","modified":"2026-05-06T17:00:35.290038Z","published":"2026-05-05T14:16:08.507Z","upstream":["CVE-2026-29168"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2026-29168"}],"affected":[{"package":{"name":"apache2","ecosystem":"Debian:11","purl":"pkg:deb/debian/apache2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.48-3.1","2.4.48-3.1+deb11u1","2.4.48-4","2.4.49-1","2.4.49-1~bpo10+1","2.4.49-1~deb11u1","2.4.49-1~deb11u2","2.4.49-1~deb11u3","2.4.49-2","2.4.49-3","2.4.49-4","2.4.50-1","2.4.50-1~deb11u1","2.4.51-1","2.4.51-1~bpo10+1","2.4.51-1~bpo10+2","2.4.51-1~deb11u1","2.4.51-2","2.4.52-1","2.4.52-1~bpo10+1","2.4.52-1~deb11u1","2.4.52-1~deb11u2","2.4.52-2","2.4.52-3","2.4.53-1","2.4.53-1~deb11u1","2.4.53-2","2.4.53-2~bpo10+1","2.4.54-1","2.4.54-1~deb11u1","2.4.54-2","2.4.54-3","2.4.54-4","2.4.54-5","2.4.55-1","2.4.56-1","2.4.56-1~deb11u1","2.4.56-1~deb11u2","2.4.56-2","2.4.57-1","2.4.57-2","2.4.57-3","2.4.58-1","2.4.59-1","2.4.59-1~deb10u1","2.4.59-1~deb11u1","2.4.59-1~deb12u1","2.4.59-2","2.4.60-1","2.4.61-1","2.4.61-1~deb11u1","2.4.61-1~deb12u1","2.4.62-1","2.4.62-1~deb11u1","2.4.62-1~deb11u2","2.4.62-1~deb12u1","2.4.62-1~deb12u2","2.4.62-2","2.4.62-3","2.4.62-4","2.4.62-5","2.4.62-6","2.4.63-1","2.4.64-1","2.4.65-1","2.4.65-1~deb11u1","2.4.65-1~deb12u1","2.4.65-2","2.4.65-3","2.4.66-1","2.4.66-1~deb11u1","2.4.66-1~deb12u1","2.4.66-1~deb12u2","2.4.66-1~deb13u1","2.4.66-1~deb13u2","2.4.66-2","2.4.66-3","2.4.66-4","2.4.66-5","2.4.66-6","2.4.66-7","2.4.66-8","2.4.67-1","2.4.67-1~deb12u1","2.4.67-1~deb12u2","2.4.67-1~deb13u1","2.4.67-1~deb13u2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-29168.json"}},{"package":{"name":"apache2","ecosystem":"Debian:12","purl":"pkg:deb/debian/apache2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.67-1~deb12u2"}]}],"versions":["2.4.57-2","2.4.57-3","2.4.58-1","2.4.59-1","2.4.59-1~deb10u1","2.4.59-1~deb11u1","2.4.59-1~deb12u1","2.4.59-2","2.4.60-1","2.4.61-1","2.4.61-1~deb11u1","2.4.61-1~deb12u1","2.4.62-1","2.4.62-1~deb11u1","2.4.62-1~deb11u2","2.4.62-1~deb12u1","2.4.62-1~deb12u2","2.4.62-2","2.4.62-3","2.4.62-4","2.4.62-5","2.4.62-6","2.4.63-1","2.4.64-1","2.4.65-1","2.4.65-1~deb11u1","2.4.65-1~deb12u1","2.4.65-2","2.4.65-3","2.4.66-1","2.4.66-1~deb11u1","2.4.66-1~deb12u1","2.4.66-1~deb12u2","2.4.66-1~deb13u1","2.4.66-1~deb13u2","2.4.66-2","2.4.66-3","2.4.66-4","2.4.66-5","2.4.66-6","2.4.66-7","2.4.66-8","2.4.67-1~deb12u1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-29168.json"}},{"package":{"name":"apache2","ecosystem":"Debian:13","purl":"pkg:deb/debian/apache2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.67-1~deb13u2"}]}],"versions":["2.4.65-2","2.4.65-3","2.4.66-1","2.4.66-1~deb11u1","2.4.66-1~deb12u1","2.4.66-1~deb12u2","2.4.66-1~deb13u1","2.4.66-1~deb13u2","2.4.66-2","2.4.66-3","2.4.66-4","2.4.66-5","2.4.66-6","2.4.66-7","2.4.66-8","2.4.67-1~deb12u1","2.4.67-1~deb12u2","2.4.67-1~deb13u1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-29168.json"}},{"package":{"name":"apache2","ecosystem":"Debian:14","purl":"pkg:deb/debian/apache2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.4.65-2","2.4.65-3","2.4.66-1","2.4.66-1~deb11u1","2.4.66-1~deb12u1","2.4.66-1~deb12u2","2.4.66-1~deb13u1","2.4.66-1~deb13u2","2.4.66-2","2.4.66-3","2.4.66-4","2.4.66-5","2.4.66-6","2.4.66-7","2.4.66-8","2.4.67-1","2.4.67-1~deb12u1","2.4.67-1~deb12u2","2.4.67-1~deb13u1","2.4.67-1~deb13u2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-29168.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}