CVE-2022-22721

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-22721
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22721.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-22721
Aliases
Downstream
Related
Published
2022-03-14T10:15:40Z
Modified
2026-05-28T04:05:29.025034833Z
Summary
core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
Details

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/22xxx/CVE-2022-22721.json",
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Apache HTTP Server 2.4"
                },
                {
                    "last_affected": "2.4.52"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fed3b8a079835cd63648d8903bc69243ce2c472a
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.52"
        }
    ],
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

2.*
2.4.52
candidate-2.*
candidate-2.4.52-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22721.json"