Back to search
CVE-2021-41524
Published: Oct 5, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache HTTP Server | affected 2.4.49 |
Weaknesses (CWE)
References
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
[oss-security] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing
mailing-list
x_refsource_MLIST
FEDORA-2021-5d2d4b6ac5
vendor-advisory
x_refsource_FEDORA
20211007 Apache HTTP Server Vulnerabilties: October 2021
vendor-advisory
x_refsource_CISCO
FEDORA-2021-f94985afca
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2022.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20211029-0009/
x_refsource_CONFIRM
GLSA-202208-20
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now