CVE 2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Related bugs and status
CVE-2021-44790 (Candidate) is related to these bugs:
Bug #1832182: systemd unable to detect running apache if invoked via "apache2ctl graceful"
Bug #1956386: CVE patch request
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1956386 | CVE patch request | apache2 (Ubuntu) | High | Fix Released |
Bug #1960765: CVE-2021-26691 / CVE-2021-39275 / CVE-2021-44790: apache / httpd multiple CVEs
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1960765 | CVE-2021-26691 / CVE-2021-39275 / CVE-2021-44790: apache / httpd multiple CVEs | StarlingX | Medium | Fix Released |
Bug #1969363: CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1969363 | CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | StarlingX | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.