CVE-2021-39275

Updated: 2024-11-30 02:50:25.2302

Description:

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS httpd 2.2.15 9.8 CRITICAL Released CLSA-2021:1634745216 2022-05-05 12:02:10
CentOS 7 ELS httpd 2.4.6 9.8 CRITICAL Already Fixed 2023-09-19 09:30:22
CentOS 8.4 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1644869841 2022-04-19 21:49:51
CentOS 8.5 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1644869383 2022-04-19 21:49:51
CloudLinux 6 ELS httpd 2.2.15 9.8 CRITICAL Released 2022-04-19 21:49:51
Oracle Linux 6 ELS httpd 2.2.15 9.8 CRITICAL Released CLSA-2021:1634922666 2022-04-19 21:49:51
Ubuntu 16.04 ELS apache2 2.4.18 9.8 CRITICAL Released CLSA-2021:1635458969 2022-04-19 21:49:45
Ubuntu 18.04 ELS apache2 2.4.29 9.8 CRITICAL Already Fixed 2023-04-28 08:48:56