CVE 2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Related bugs and status
CVE-2021-44790 (Candidate) is related to these bugs:
Bug #1832182: systemd unable to detect running apache if invoked via "apache2ctl graceful"
Bug #1956386: CVE patch request
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1956386 | CVE patch request | apache2 (Ubuntu) | High | Fix Released | ||
Bug #1960765: CVE-2021-26691 / CVE-2021-39275 / CVE-2021-44790: apache / httpd multiple CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1960765 | CVE-2021-26691 / CVE-2021-39275 / CVE-2021-44790: apache / httpd multiple CVEs | StarlingX | Medium | Fix Released | ||
Bug #1969363: CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1969363 | CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling | StarlingX | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
