A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
For Debian 9 stretch, these problems have been fixed in version 2.13-7~deb9u2.
We recommend that you upgrade your libapreq2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.