[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart c
From: Stefan Eissing <icing () apache ! org>
Date: 2021-12-20 10:36:28
Message-ID: 30b33714-e372-c864-5111-94b8bf062b80 () apache ! org
[Download RAW message or body]
Severity: high
Description:
A carefully crafted request body can cause a buffer overflow in the mod_lua=
multipart parser (r:parsebody() called from Lua scripts).
The Apache httpd team is not aware of an exploit for the vulnerabilty =
though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credit:
Chamal
Anonymous working with Trend Micro Zero Day Initiative
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic