CVE-2021-26691
Description
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
36.266
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-13938,CVE-2020-35452,CVE-2021-26690,CVE-2021-26691 are fixed in Apache 2.4.48 | Windows |
| Vulnerabilities CVE-2021-26691,CVE-2021-26690 are fixed in IBM HTTP 9.0.0.11 | Windows |
| Vulnerabilities CVE-2021-26691,CVE-2021-3450,CVE-2021-3712 are fixed in Oracle Secure Backup 18.1.0.1.0 | Windows |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.41-4ubuntu3.3_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-1ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.46-4ubuntu1.1_amd64.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_i386.deb | Linux |
| Apache HTTP server (USN-4994-1) apache2-bin_2.4.29-1ubuntu4.16_amd64.deb | Linux |
| apache2 security update(DSA-4937-1) apache2_2.4.38-3+deb10u5_i386.deb | Linux |
| apache2 security update(DSA-4937-1) apache2_2.4.38-3+deb10u5_amd64.deb | Linux |
| Httpd update (ELSA-2021-3816) httpd-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2021-3816) httpd-devel-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2021-3816) httpd-filesystem-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2021-3816) httpd-manual-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2021-3816) httpd-tools-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2021-3816) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2021-3816) mod_ldap-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Mod_md update (ELSA-2021-3816) mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2021-3816) mod_proxy_html-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Mod_session update (ELSA-2021-3816) mod_session-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2021-3816) mod_ssl-2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-debugsource-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-devel-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-filesystem-2.4.37-39.module+el8.4.0+12865+a7065a39.1.noarch.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-manual-2.4.37-39.module+el8.4.0+12865+a7065a39.1.noarch.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update httpd-tools-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update mod_ldap-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update mod_proxy_html-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update mod_session-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| (RHSA-2021:3816) httpd:2.4 security update mod_ssl-2.4.37-39.module+el8.4.0+12865+a7065a39.1.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-0143) httpd-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-0143) httpd-devel-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2022-0143) httpd-manual-2.4.6-97.0.5.el7_9.4.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-0143) httpd-tools-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-0143) mod_ldap-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-0143) mod_proxy_html-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-0143) mod_session-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-0143) mod_ssl-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Out-of-bounds Write Vulnerability (CVE-2021-26691) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234