CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

History

17 May 2022, 07:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/33 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/35 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/38 -

16 May 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213256 -
  • (CONFIRM) https://support.apple.com/kb/HT213257 -
  • (CONFIRM) https://support.apple.com/kb/HT213255 -

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

18 Apr 2022, 19:34

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ - Mailing List, Third Party Advisory

26 Mar 2022, 19:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ -

26 Mar 2022, 00:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ -

22 Mar 2022, 06:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ -

01 Mar 2022, 20:03

Type Values Removed Values Added
First Time Debian debian Linux
Tenable tenable.sc
Oracle
Debian
Oracle instantis Enterprisetrack
Netapp
Fedoraproject fedora
Tenable
Fedoraproject
Netapp cloud Backup
References (DEBIAN) https://www.debian.org/security/2022/dsa-5035 - (DEBIAN) https://www.debian.org/security/2022/dsa-5035 - Third Party Advisory
References (CONFIRM) https://www.tenable.com/security/tns-2022-01 - (CONFIRM) https://www.tenable.com/security/tns-2022-01 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References (CONFIRM) https://www.tenable.com/security/tns-2022-03 - (CONFIRM) https://www.tenable.com/security/tns-2022-03 - Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20211224-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20211224-0001/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ - Mailing List, Third Party Advisory
CPE cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

07 Feb 2022, 16:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

12 Jan 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2022-03 -

06 Jan 2022, 01:15

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2022-01 -

05 Jan 2022, 11:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5035 -

24 Dec 2021, 13:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20211224-0001/ -

24 Dec 2021, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ -

22 Dec 2021, 18:43

Type Values Removed Values Added
References (MISC) http://httpd.apache.org/security/vulnerabilities_24.html - (MISC) http://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/12/20/4 - (MLIST) http://www.openwall.com/lists/oss-security/2021/12/20/4 - Mailing List, Third Party Advisory
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

20 Dec 2021, 16:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/12/20/4 -

20 Dec 2021, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-20 12:15

Updated : 2022-05-17 07:15


NVD link : CVE-2021-44790

Mitre link : CVE-2021-44790


JSON object : View

Products Affected

netapp

  • cloud_backup

fedoraproject

  • fedora

oracle

  • instantis_enterprisetrack

tenable

  • tenable.sc

debian

  • debian_linux

apache

  • http_server
CWE
CWE-787

Out-of-bounds Write