CVE-2021-39275

Summary

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP ServerApache HTTP Server 2.4 <= 2.4.48affected

Weaknesses

  • Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References