CVE-2021-41524

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-10-2021 11:15

Last modified: - 15-08-2022 01:15

Total changes: - 8

Description

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

https://httpd.apache.org/security/vulnerabilities_24.html
[oss-security] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing-Mailing List, Third Party Advisory
FEDORA-2021-5d2d4b6ac5-Mailing List, Third Party Advisory
20211007 Apache HTTP Server Vulnerabilties: October 2021-Third Party Advisory
https://security.netapp.com/advisory/ntap-20211029-0009/
FEDORA-2021-f94985afca-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
GLSA-202208-20-

Keywords

CVE-2021-41524

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-41524

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures