BIT-apache-2022-28614
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2022-28614.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-apache-2022-28614
- Aliases
- Published
- 2024-03-06T10:52:51.677Z
- Modified
- 2024-10-02T07:52:37.481Z
- Summary
- [none]
- Details
-
The aprwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite() or aprputs(), such as with modluas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'aprputs' function and may pass it a very large (INTMAX or larger) string must be compiled against current headers to resolve the issue.
- References
-
- http://www.openwall.com/lists/oss-security/2022/06/08/4
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
- https://security.gentoo.org/glsa/202208-20
- https://security.netapp.com/advisory/ntap-20220624-0005/
Affected packages
Bitnami / apache
Package
- Name
- apache
- Purl
- pkg:bitnami/apache
Severity
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator