CVE-2021-39275
Description
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
40.031
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-33193,CVE-2021-34798,CVE-2021-36160,CVE-2021-39275,CVE-2021-40438 are fixed in Apache Apache 2.4.49 | Windows |
| Vulnerabilities CVE-2021-40438,CVE-2021-34798,CVE-2021-39275 are fixed in IBM HTTP 9.0.5.10 | Windows |
| Vulnerabilities CVE-2021-39275 are fixed in IBM HTTP 8.5.5.21 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Apache HTTP server (USN-5090-1) apache2_2.4.41-4ubuntu3.5_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2_2.4.41-4ubuntu3.5_amd64.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2_2.4.46-4ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2_2.4.46-4ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2_2.4.29-1ubuntu4.17_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2_2.4.29-1ubuntu4.17_amd64.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.41-4ubuntu3.5_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.41-4ubuntu3.5_amd64.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.46-4ubuntu1.2_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.46-4ubuntu1.2_amd64.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.29-1ubuntu4.17_i386.deb | Linux |
| Apache HTTP server (USN-5090-1) apache2-bin_2.4.29-1ubuntu4.17_amd64.deb | Linux |
| apache2 security update(DSA-4982-1) apache2_2.4.38-3+deb10u6_amd64.deb | Linux |
| apache2 security update(DSA-4982-1) apache2_2.4.38-3+deb10u6_i386.deb | Linux |
| apache2 security update(DSA-4982-1) Debian_apache2_2.4.38-3+deb10u6_amd64.deb | Linux |
| apache2 security update(DSA-4982-1) apache2_2.4.51-1~deb11u1_amd64.deb | Linux |
| Httpd update (ELSA-2021-9619) httpd-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2021-9619) httpd-devel-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2021-9619) httpd-manual-2.4.6-97.0.5.el7_9.2.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2021-9619) httpd-tools-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2021-9619) mod_ldap-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2021-9619) mod_proxy_html-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Mod_session update (ELSA-2021-9619) mod_session-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2021-9619) mod_ssl-2.4.6-97.0.5.el7_9.2.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-9005) httpd-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-9005) httpd-devel-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2022-9005) httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2022-9005) httpd-manual-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-9005) httpd-tools-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2022-9005) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-9005) mod_ldap-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Mod_md update (ELSA-2022-9005) mod_md-2.0.8-8.module+el8.3.0+7816+49791cfd.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-9005) mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-9005) mod_session-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-9005) mod_ssl-2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-0143) httpd-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-0143) httpd-devel-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd-manual update (ELSA-2022-0143) httpd-manual-2.4.6-97.0.5.el7_9.4.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-0143) httpd-tools-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-0143) mod_ldap-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-0143) mod_proxy_html-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-0143) mod_session-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-0143) mod_ssl-2.4.6-97.0.5.el7_9.4.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-0258) httpd-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-0258) httpd-devel-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2022-0258) httpd-filesystem-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2022-0258) httpd-manual-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-0258) httpd-tools-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2022-0258) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-0258) mod_ldap-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Mod_md update (ELSA-2022-0258) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-0258) mod_proxy_html-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-0258) mod_session-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-0258) mod_ssl-2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-debugsource-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-devel-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-filesystem-2.4.37-43.module+el8.5.0+14370+51c6d843.2.noarch.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-manual-2.4.37-43.module+el8.5.0+14370+51c6d843.2.noarch.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update httpd-tools-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update mod_ldap-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update mod_proxy_html-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update mod_session-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| (RHSA-2022:0891) httpd:2.4 security update mod_ssl-2.4.37-43.module+el8.5.0+14370+51c6d843.2.x86_64.rpm | Linux |
| Httpd update (ELSA-2022-0891) httpd-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Httpd-devel update (ELSA-2022-0891) httpd-devel-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Httpd-filesystem update (ELSA-2022-0891) httpd-filesystem-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm | Linux |
| Httpd-manual update (ELSA-2022-0891) httpd-manual-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.noarch.rpm | Linux |
| Httpd-tools update (ELSA-2022-0891) httpd-tools-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Mod_http2 update (ELSA-2022-0891) mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64.rpm | Linux |
| Mod_ldap update (ELSA-2022-0891) mod_ldap-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Mod_md update (ELSA-2022-0891) mod_md-2.0.8-8.module+el8.5.0+20475+4f6a8fd5.x86_64.rpm | Linux |
| Mod_proxy_html update (ELSA-2022-0891) mod_proxy_html-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Mod_session update (ELSA-2022-0891) mod_session-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Mod_ssl update (ELSA-2022-0891) mod_ssl-2.4.37-43.0.2.module+el8.5.0+20518+d9453e37.2.x86_64.rpm | Linux |
| Vulnerabilities CVE-2021-33193,CVE-2021-34798,CVE-2021-36160,CVE-2021-39275,CVE-2021-40438 are fixed in Apache Apache 2.4.49 (For Linux) | Linux |
| Out-of-bounds Write Vulnerability (CVE-2021-39275) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234