CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-44790

CVSS 9.8v3.1pub. 2021-12-20upd. 2025-05-01

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache HTTP Server

    APP
    Apache
    < 2.4.52
  • Apple macOS

    OS
    Apple
    12.0 – 12.4 (bez)< 10.15.711.0 – 11.6.6 (bez)
  • Apple Mac Os X

    OS
    Apple
    10.15.7
  • Debian

    OS
    Debian
    10.011.0
  • Fedora Project Fedora

    OS
    Fedoraproject
    343536
  • Netapp Cloud Backup

    APP
    Netapp
    wszystkie wersje
  • Oracle Communications Element Manager

    APP
    Oracle
    ≤ 9.0
  • Oracle Communications Operations Monitor

    APP
    Oracle
    4.34.45.0
  • Oracle Communications Session Report Manager

    APP
    Oracle
    ≤ 9.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    ≤ 9.0
  • Oracle HTTP Server

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Instantis Enterprisetrack

    APP
    Oracle
    17.117.217.3
  • Oracle Zfs Storage Appliance Kit

    APP
    Oracle
    8.8
  • Tenable Tenable.sc

    APP
    Tenable
    5.16.0 – 5.20.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)