CVE-2022-22721

Updated: 2022-12-19 19:53:43.207873

Description:

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5.8
CVSS Version 3.x CRITICAL 9.1

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS httpd 2.2.15 9.1 CRITICAL Released CLSA-2022:1648136177 2022-05-05 12:04:58
CentOS 8.4 ELS httpd 2.4.37 9.1 CRITICAL Released CLSA-2022:1648136371 2022-04-19 21:49:48
CentOS 8.5 ELS httpd 2.4.37 9.1 CRITICAL Released CLSA-2022:1648136411 2022-04-19 21:49:49
CloudLinux 6 ELS httpd 2.2.15 9.1 CRITICAL Released CLSA-2022:1648136246 2022-04-19 21:49:48
Oracle Linux 6 ELS httpd 2.2.15 9.1 CRITICAL Released CLSA-2022:1648136281 2022-04-19 21:49:48
Ubuntu 16.04 ELS apache2 2.4.18 9.1 CRITICAL Released CLSA-2022:1648136327 2022-04-19 21:49:45
Ubuntu 18.04 ELS apache2 2.4.29 9.1 CRITICAL Already Fixed 2023-04-28 08:48:54