CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:38

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/', 'name': 'FEDORA-2021-5d2d4b6ac5', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/', 'name': 'FEDORA-2021-f94985afca', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ -

28 Oct 2022, 13:51

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202208-20 - (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory

15 Aug 2022, 11:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-20 -

25 Mar 2022, 18:24

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
First Time Netapp
Oracle
Netapp cloud Backup
Oracle instantis Enterprisetrack
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory

07 Feb 2022, 16:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

28 Nov 2021, 23:29

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0009/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0009/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

17 Nov 2021, 22:19

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ -

10 Nov 2021, 01:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/', 'name': 'FEDORA-2021-f94985afca', 'tags': [], 'refsource': 'FEDORA'}

30 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/ -

29 Oct 2021, 13:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211029-0009/ -

12 Oct 2021, 15:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (MLIST) http://www.openwall.com/lists/oss-security/2021/10/05/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/10/05/1 - Mailing List, Third Party Advisory
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ - Third Party Advisory
References (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ - Mailing List, Third Party Advisory
CWE CWE-476
CPE cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

07 Oct 2021, 23:15

Type Values Removed Values Added
References
  • (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ -

07 Oct 2021, 19:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/ -

05 Oct 2021, 15:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/rc30f96fa07346fa6bdd73f3e172b8964ec9a7d49351b4f60422fc469@%3Cannounce.apache.org%3E', 'name': '[announce] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rc24a83c51a4ccf32155341301d513f8b6035405f84f9501cfa8117d4@%3Cusers.httpd.apache.org%3E', 'name': '[httpd-users] 20211005 [users@httpd] CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing', 'tags': [], 'refsource': 'MLIST'}
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/10/05/1 -

05 Oct 2021, 13:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rc30f96fa07346fa6bdd73f3e172b8964ec9a7d49351b4f60422fc469@%3Cannounce.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/rc24a83c51a4ccf32155341301d513f8b6035405f84f9501cfa8117d4@%3Cusers.httpd.apache.org%3E -

05 Oct 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-05 09:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-41524

Mitre link : CVE-2021-41524

CVE.ORG link : CVE-2021-41524


JSON object : View

Products Affected

apache

  • http_server

oracle

  • instantis_enterprisetrack

netapp

  • cloud_backup

fedoraproject

  • fedora
CWE
CWE-476

NULL Pointer Dereference