CVE-2022-28615

Updated: 2023-11-07 19:50:13.628069

Description:

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may hypothetically be affected.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.4 |
| CVSS Version 3.x | CRITICAL | 9.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 9.1 | CRITICAL | Already Fixed | | 2023-11-08 08:36:00 |
| CentOS 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1656447241 | 2022-07-11 11:45:44 |
| CentOS 7 ELS | httpd | 2.4.6 | 9.1 | CRITICAL | Released | CLSA-2023:1695752598 | 2023-09-26 17:08:01 |
| CentOS 8.4 ELS | httpd | 2.4.37 | 9.1 | CRITICAL | Released | CLSA-2022:1656429967 | 2022-06-28 11:50:04 |
| CentOS 8.5 ELS | httpd | 2.4.37 | 9.1 | CRITICAL | Released | CLSA-2022:1656430448 | 2022-06-28 11:50:04 |
| CloudLinux 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1657643056 | 2022-07-13 20:38:27 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 9.1 | CRITICAL | Released | CLSA-2022:1656430723 | 2022-06-28 11:50:04 |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 9.1 | CRITICAL | Released | CLSA-2022:1656430949 | 2022-06-28 11:50:04 |
| Ubuntu 18.04 ELS | apache2 | 2.4.29 | 9.1 | CRITICAL | Already Fixed | | 2023-04-28 08:48:53 |