logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-44790

Description

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | Fixed by r1896039 in 2.4.x [sbeattie](<https://launchpad.net/~sbeattie>) | mod_lua is not runtime enabled with Apache's package config in Ubuntu by default.


Affected Package


OS OS Version Package Name Package Version
ubuntu 20.04 apache2 2.4.41-4ubuntu3.9
ubuntu 21.04 apache2 2.4.46-4ubuntu1.5
ubuntu 21.10 apache2 2.4.48-3.1ubuntu3.2
ubuntu 22.04 apache2 2.4.52-1ubuntu1
ubuntu 14.04 apache2 2.4.7-1ubuntu4.22+esm3
ubuntu upstream apache2 2.4.52
ubuntu 16.04 apache2 2.4.18-2ubuntu3.17+esm4

Related