Описание
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.49-1 | package | |
| apache2 | not-affected | stretch | package | |
| uwsgi | unfixed | package |
Примечания
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
packages which are provided by src:apache2 itself.
Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
Связанные уязвимости
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).