CVE: CVE-2021-44790

Descrizione: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Vettore di attacco

Riferimenti esterni

• http://httpd.apache.org/security/vulnerabilities_24.html
• http://www.openwall.com/lists/oss-security/2021/12/20/4
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/
• https://www.debian.org/security/2022/dsa-5035
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://security.netapp.com/advisory/ntap-20211224-0001/
• https://www.tenable.com/security/tns-2022-01
• https://www.tenable.com/security/tns-2022-03
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://support.apple.com/kb/HT213257
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213255
• http://seclists.org/fulldisclosure/2022/May/33
• http://seclists.org/fulldisclosure/2022/May/35
• http://seclists.org/fulldisclosure/2022/May/38
• https://security.gentoo.org/glsa/202208-20
• http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html

Prodotti interessati

• Apache Software Foundation – Apache HTTP Server

Relazioni con altri prodotti

Produttore:Apache Software Foundation
Prodotto: Apache HTTP Server
Anno: 2021
CWE: CWE-787
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2021)