Apache HTTP Server Buffer Overflow Vulnerability in mod_lua

Vulnerability

A buffer overflow vulnerability has been identified in the mod_lua module of Apache HTTP Server, affecting versions through 2.4.52. A carefully crafted request body, when parsed by the Lua script engine, leads to a memory overwrite. The issue was discovered by Chamal De Silva and is classified as moderate severity.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or a crash of the Apache HTTP Server process.

Reproduction

To reproduce this vulnerability, send a request with a crafted body that exploits the Lua multipart parser. This can be done by uploading a file through a web form that triggers the parsing of the request body by a Lua script.

Remediation

Users can upgrade to Apache HTTP Server version 2.4.53 or later, which addresses this vulnerability.
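
One way to check whether a host still needs this upgrade, as an added example that is not part of the original advisory: it reads the text printed by `httpd -v` and `httpd -M` and reports whether the build is below 2.4.53 with mod_lua loaded. The function names, result strings and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an httpd build from the
# text printed by `httpd -v` and `httpd -M`. Names below are illustrative.
FIXED="2.4.53"   # first fixed release, per the advisory

# Print X.Y.Z from a "Server version: Apache/X.Y.Z (...)" line, or nothing.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Succeed when version $1 is lower than $2, comparing each field as a number
# (a plain string compare would rank 2.4.9 above 2.4.53).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # $1 $2 $3 = first version, $4 $5 $6 = second
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Succeed when the `httpd -M` module list includes mod_lua.
has_mod_lua() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*lua_module([[:space:]]|$)'
}

# Print "unknown", "fixed V", "affected V" or "outdated V" (old, no mod_lua).
assess() {
    ver=$(parse_version "$1")
    if [ -z "$ver" ]; then echo "unknown"
    elif ! version_lt "$ver" "$FIXED"; then echo "fixed $ver"
    elif has_mod_lua "$2"; then echo "affected $ver"
    else echo "outdated $ver"
    fi
}

# Constructed sample output; on a real host pass "$(httpd -v)" "$(httpd -M)".
SAMPLE_V='Server version: Apache/2.4.52 (Unix)
Server built:   Jan  1 2022 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 lua_module (shared)'
assess "$SAMPLE_V" "$SAMPLE_M"
```

Distribution packages may carry the fix without changing the upstream version string, so confirm an "affected" result against the vendor's package changelog.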

Added: May 15, 2026, 11:50 AM
Updated: May 15, 2026, 11:50 AM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 0.0
threat: 2.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.