CVE-2022-23943

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-23943
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23943.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23943
Aliases
Downstream
Related
Published
2022-03-14T11:15:09.187Z
Modified
2026-04-16T00:07:42.559655824Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.8"
                }
            ],
            "cpe": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "36"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpd
Events
Introduced
da5873e80d6eee7a0838793bf68f1d0254745fbb
Fixed
4654faee107e0c3a830c204a1dc94700705e8e86
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.4.53"
        }
    ],
    "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23943.json"