CVE-2021-41524
05.10.2021, 09:15
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.49 |
| oracle | instantis_enterprisetrack | 17.1 |
| oracle | instantis_enterprisetrack | 17.2 |
| oracle | instantis_enterprisetrack | 17.3 |
| netapp | cloud_backup | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| httpd |
| ||
| httpd-debuginfo |
| ||
| httpd-devel |
| ||
| httpd-filesystem |
| ||
| httpd-manual |
| ||
| httpd-tools |
| ||
| httpd24 |
| ||
| httpd24-debuginfo |
| ||
| httpd24-devel |
| ||
| httpd24-manual |
| ||
| httpd24-tools |
| ||
| mod24_ldap |
| ||
| mod24_md |
| ||
| mod24_proxy_html |
| ||
| mod24_session |
| ||
| mod24_ssl |
| ||
| mod_ldap |
| ||
| mod_md |
| ||
| mod_proxy_html |
| ||
| mod_session |
| ||
| mod_ssl |
|
Common Weakness Enumeration
References