Apache HTTP Server can crash when handling SYN packets

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.4

Apache HTTP Server can crash when handling SYN packets

CVE-2026-5590

Summary

The Apache HTTP Server may crash if it receives a SYN packet while processing a connection teardown. This can happen when the server is under heavy traffic. To fix this issue, update to the latest version of the Apache HTTP Server.

Original title

Original description

A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash.

nvd CVSS3.1 6.4

Vulnerability type

CWE-476 NULL Pointer Dereference

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vqm-pw24-...

Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026