Updated: 2023-11-07 19:53:19.526345
Description:
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 5.8 |
CVSS Version 3.x | CRITICAL | 9.1 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1648136177 | 2022-05-05 12:04:58 |
CentOS 7 ELS | httpd | 2.4.6 | 9.1 | CRITICAL | Released | CLSA-2023:1695752598 | 2023-09-26 17:08:05 |
CentOS 8.4 ELS | httpd | 2.4.37 | 9.1 | CRITICAL | Released | CLSA-2022:1648136371 | 2022-04-19 21:49:48 |
CentOS 8.5 ELS | httpd | 2.4.37 | 9.1 | CRITICAL | Released | CLSA-2022:1648136411 | 2022-04-19 21:49:49 |
CloudLinux 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1648136246 | 2022-04-19 21:49:48 |
Oracle Linux 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1648136281 | 2022-04-19 21:49:48 |
Ubuntu 16.04 ELS | apache2 | 2.4.18 | 9.1 | CRITICAL | Released | CLSA-2022:1648136327 | 2022-04-19 21:49:45 |
Ubuntu 18.04 ELS | apache2 | 2.4.29 | 9.1 | CRITICAL | Already Fixed | 2023-04-28 08:48:54 |