CVE-2022-22721

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-22721

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22721.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-22721

Aliases

BIT-apache-2022-22721

Downstream

ALPINE-CVE-2022-22721

DEBIAN-CVE-2022-22721

DLA-2960-1

OESA-2022-1596

RHSA-2022:6753

RHSA-2022:7647

RHSA-2022:8067

RHSA-2022:8840

SUSE-SU-2022:0918-1

SUSE-SU-2022:0928-1

SUSE-SU-2022:0929-1

SUSE-SU-2022:1031-1

SUSE-SU-2022:14924-1

UBUNTU-CVE-2022-22721

USN-5333-1

USN-5333-2

openSUSE-SU-2022:1031-1

openSUSE-SU-2024:11919-1

Related

Published

2022-03-14T11:15:09Z

Modified

2025-08-09T20:01:27Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

References

Affected packages