CVE-2021-44790

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-44790

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44790.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44790

Aliases

BIT-apache-2021-44790

Downstream

ALPINE-CVE-2021-44790

DEBIAN-CVE-2021-44790

DLA-2907-1

DSA-5035-1

OESA-2021-1473

RHSA-2022:0143

RHSA-2022:0258

RHSA-2022:0288

RHSA-2022:0303

RHSA-2022:1136

RHSA-2022:1137

RHSA-2022:1138

RHSA-2022:1139

SUSE-SU-2022:0065-1

SUSE-SU-2022:0091-1

SUSE-SU-2022:0091-2

SUSE-SU-2022:0119-1

SUSE-SU-2022:0440-1

UBUNTU-CVE-2021-44790

USN-5212-1

USN-5212-2

openSUSE-SU-2022:0091-1

openSUSE-SU-2024:11695-1

Related

Published

2021-12-20T12:15:07Z

Modified

2025-10-21T02:34:53Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fed3b8a079835cd63648d8903bc69243ce2c472a