In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
{ "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "severity": "Critical" }