CVE-2021-44790

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

Published: Dec 20, 2021
Updated: May 2, 2025
CVE: CVE-2021-44790
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
tenable / tenable.sc	5.16.0	5.20.0
oracle / http_server	12.2.1.3.0	12.2.1.3.0.x
oracle / instantis_enterprisetrack	17.1	17.1.x
oracle / instantis_enterprisetrack	17.2	17.2.x
oracle / instantis_enterprisetrack	17.3	17.3.x
oracle / http_server	12.2.1.4.0	12.2.1.4.0.x
oracle / zfs_storage_appliance_kit	8.8	8.8.x
oracle / communications_operations_monitor	4.3	4.3.x
oracle / communications_operations_monitor	4.4	4.4.x
oracle / communications_operations_monitor	5.0	5.0.x
oracle / communications_element_manager	-	9.0.x
oracle / communications_session_report_manager	-	9.0.x
oracle / communications_session_route_manager	-	9.0.x
apple / macos	-	10.15.7
apple / mac_os_x	10.15.7-security_update_2020-001	10.15.7-security_update_2020-001.x
apple / mac_os_x	10.15.7-security_update_2021-001	10.15.7-security_update_2021-001.x
apple / mac_os_x	10.15.7-security_update_2021-002	10.15.7-security_update_2021-002.x
apple / mac_os_x	10.15.7-security_update_2021-003	10.15.7-security_update_2021-003.x
apple / mac_os_x	10.15.7-security_update_2021-004	10.15.7-security_update_2021-004.x
apple / mac_os_x	10.15.7-security_update_2021-005	10.15.7-security_update_2021-005.x
apple / mac_os_x	10.15.7-security_update_2021-006	10.15.7-security_update_2021-006.x
apple / mac_os_x	10.15.7-security_update_2021-008	10.15.7-security_update_2021-008.x
apple / mac_os_x	10.15.7-security_update_2021-007	10.15.7-security_update_2021-007.x
apple / mac_os_x	10.15.7-security_update_2022-002	10.15.7-security_update_2022-002.x
apple / mac_os_x	10.15.7-security_update_2022-001	10.15.7-security_update_2022-001.x
apple / macos	11.0	11.6.6
apple / mac_os_x	10.15.7-security_update_2022-003	10.15.7-security_update_2022-003.x
apple / macos	12.0	12.4
apache / http_server	-	2.4.52

Vulnerability Database

289,599

CVE-2021-44790