AZL-7044

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7044.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-7044

Upstream

CVE-2021-44790

Published

2021-12-20T12:15:07Z

Modified

2026-04-01T05:21:45.604673Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1

Details

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-44790

Affected packages

Azure Linux:2 / httpd

Package

Name: httpd
Purl: pkg:rpm/azure-linux/httpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.52-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-7044.json"