CVE-2021-44790

 

Published at: - 20-12-2021 01:15

Last modified: - 15-08-2022 01:15

Total changes: - 17

Description

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• http://httpd.apache.org/security/vulnerabilities_24.html
• [oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier-Mailing List, Third Party Advisory
• FEDORA-2021-29a536c2ae-Mailing List, Third Party Advisory
• https://security.netapp.com/advisory/ntap-20211224-0001/
• DSA-5035-Third Party Advisory
• https://www.tenable.com/security/tns-2022-01
• https://www.tenable.com/security/tns-2022-03
• https://www.oracle.com/security-alerts/cpujan2022.html
• FEDORA-2022-b4103753e9-Mailing List, Third Party Advisory
• FEDORA-2022-21264ec6db-Third Party Advisory
• FEDORA-2022-78e3211c55-Third Party Advisory
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://support.apple.com/kb/HT213255
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213257
• 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4-
• 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina-
• 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6-
• GLSA-202208-20-

 

Keywords

NVD

 

CVE-2021-44790

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures