CVE-2021-41524: null pointer dereference in h2 fuzzing

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Weakness: CWE-476
Published: October 5, 2021
Last update: August 4, 2024


What the vulnerability does

01 Description

While fuzzing httpd 2.4.49, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to cause a denial of service (DoS) on the server. Triggering it requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Key dates

02 Disclosure timeline

October 5, 2021: CVE published
August 4, 2024: Record updated