CVE-2021-39275. ap_escape_quotes buffer overflow

Brocade Fabric OS

21227

01 August 2023

13 September 2022

CLOSED

MEDIUM

Base Score: 9.8 - CRITICAL - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

N/A

CVE-2021-39275

Summary

Security Advisory ID: BSA-2022-1599

Component: Apache httpd

Revision: 1.1

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated, remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.

Affected Products

  • All versions of Brocade Fabric OS

Product under investigation

  • Brocade Active Support Connectivity Gateway (ASC-G)

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel products from Broadcom are known to be affected by this vulnerability.

Solution

A security update is provided in Brocade Fabric OS v9.2.0, v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, and v7.4.2j.

Revision History

| Version | Change                                  | Date           |
|---------|-----------------------------------------|----------------|
| 1.0     | Initial Publication                     | Sept 13, 2022  |
| 1.1     | Solution also added to Fabric OS v9.2.0 | August 1, 2023 |