Vulnerabilities > CVE-2021-44790 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Vulnerable Configurations

Part Description Count
Application
Apache
254
Application
Tenable
5
Application
Netapp
1
Application
Oracle
36
OS
Fedoraproject
3
OS
Debian
2
OS
Apple
46

Common Weakness Enumeration (CWE)