CVE-2021-34798 vulnerability in Canonical and Other Products
Published on September 16, 2021

NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Timeline

2021-09-16

2.4.49 released

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Products Associated with CVE-2021-34798

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-34798 are published in these products:

Canonical Ubuntu Linux

Apache HTTP Server

Fedora Project Fedora

Debian Linux

NetApp Clustered Data Ontap

NetApp Storagegrid

Tenable Sc

NetApp Cloud Backup

Oracle Instantis Enterprisetrack

Oracle Http Server

Oracle Peoplesoft Enterprise Peopletools

Oracle Enterprise Manager Base Platform

Oracle Zfs Storage Appliance Kit

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Broadcom Brocade Fabric Operating System Firmware

Siemens Sinema Server

Siemens Sinema Remote Connect Server

Siemens Ruggedcom Nms

Siemens Sinec Nms

Affected Versions

Apache Software Foundation Apache HTTP Server:

Version Apache HTTP Server 2.4, <= 2.4.48 is affected.

Exploit Probability

EPSS

9.88%

Percentile

92.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.