CVE-2022-23943

Updated: 2023-11-07 19:31:53.733795

Description:

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.5
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2022-04-20 16:01:54
CentOS 7 ELS httpd 2.4.6 9.8 CRITICAL Released CLSA-2023:1695752598 2023-09-26 17:08:06
CentOS 8.4 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1648136371 2022-04-20 16:01:54
CentOS 8.5 ELS httpd 2.4.37 9.8 CRITICAL Released CLSA-2022:1648136411 2022-04-20 16:01:54
CloudLinux 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2022-04-20 16:01:54
CloudLinux 7 ELS httpd 2.4.6 9.8 CRITICAL In Rollout CLSA-2024:1726078096 2024-09-11 14:23:36
Oracle Linux 6 ELS httpd 2.2.15 9.8 CRITICAL Not Vulnerable 2022-04-20 16:01:54
Ubuntu 16.04 ELS apache2 2.4.18 9.8 CRITICAL Released CLSA-2022:1648136327 2022-04-20 16:01:51
Ubuntu 18.04 ELS apache2 2.4.29 9.8 CRITICAL Already Fixed 2023-04-28 08:48:54