CVE-2021-41524

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
apachehttp_server
2.4.49
oracleinstantis_enterprisetrack
17.1
oracleinstantis_enterprisetrack
17.2
oracleinstantis_enterprisetrack
17.3
netappcloud_backup
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
bullseye
2.4.62-1~deb11u1
not-affected
bullseye (security)
2.4.62-1~deb11u2
fixed
buster
not-affected
sid
2.4.62-3
fixed
stretch
not-affected
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
bionic
not-affected
focal
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
trusty
not-affected
xenial
not-affected
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
httpd
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd-debuginfo
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd-devel
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd-filesystem
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd-manual
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd-tools
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
httpd24
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
httpd24-debuginfo
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
httpd24-devel
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
httpd24-manual
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
httpd24-tools
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
mod24_ldap
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
mod24_md
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
mod24_proxy_html
Amazon Linux 1
1:2.4.51-1.94.amzn1
fixed
mod24_session
Amazon Linux 1
0:2.4.51-1.94.amzn1
fixed
mod24_ssl
Amazon Linux 1
1:2.4.51-1.94.amzn1
fixed
mod_ldap
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
mod_md
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
mod_proxy_html
Amazon Linux 2
1:2.4.51-1.amzn2
fixed
mod_session
Amazon Linux 2
0:2.4.51-1.amzn2
fixed
mod_ssl
Amazon Linux 2
1:2.4.51-1.amzn2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
httpd
CBL-Mariner 1.0
0:2.4.51-1.cm1
fixed