Уязвимость CVE-2021-41524: Информация
Описание
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
apache2 | sisyphus | 2.4.50-alt1 | 2.4.59-alt1 | ALT-PU-2021-2994-1 | 286602 | Исправлено |
apache2 | p10 | 2.4.51-alt1 | 2.4.59-alt1 | ALT-PU-2021-3018-1 | 286598 | Исправлено |
apache2 | p9 | 2.4.51-alt1 | 2.4.58-alt1 | ALT-PU-2021-3037-1 | 286599 | Исправлено |
apache2 | c10f1 | 2.4.51-alt1 | 2.4.59-alt1 | ALT-PU-2021-3018-1 | 286598 | Исправлено |
apache2 | c9f2 | 2.4.51-alt1 | 2.4.59-alt1 | ALT-PU-2021-3060-1 | 287080 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://httpd.apache.org/security/vulnerabilities_24.html |
|
[oss-security] 20211005 CVE-2021-41524: Apache HTTP Server: null pointer dereference in h2 fuzzing |
|
20211007 Apache HTTP Server Vulnerabilties: October 2021 |
|
https://security.netapp.com/advisory/ntap-20211029-0009/ |
|
https://www.oracle.com/security-alerts/cpujan2022.html |
|
GLSA-202208-20 |
|
FEDORA-2021-5d2d4b6ac5 | |
FEDORA-2021-f94985afca |