Description

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Remediation

References

CVE-2021-41524

Related Vulnerabilities

Ruby Improper Authentication Vulnerability (CVE-2007-5162)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-35944)

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Multiple Cross-Site Scripting Vulnerabilities (2.1.20130228)

WordPress Plugin OG Tags Cross-Site Request Forgery (2.0.1)

Python Improper Input Validation Vulnerability (CVE-2013-7338)

Severity

High

Classification

CVE-2021-41524 CWE-476

Tags

Missing Update Known Vulnerabilities