CVE-2022-23943

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23943

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23943.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23943

Aliases

BIT-apache-2022-23943

Downstream

ALPINE-CVE-2022-23943

DEBIAN-CVE-2022-23943

DLA-2960-1

OESA-2022-1596

RHSA-2022:6753

RHSA-2022:7647

RHSA-2022:8067

RHSA-2022:8840

SUSE-SU-2022:0918-1

SUSE-SU-2022:0928-1

SUSE-SU-2022:0929-1

SUSE-SU-2022:1031-1

UBUNTU-CVE-2022-23943

USN-5333-1

USN-5333-2

openSUSE-SU-2022:1031-1

openSUSE-SU-2024:11919-1

Related

Published

2022-03-14T11:15:09Z

Modified

2025-05-01T15:37:55Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

References

Affected packages

Git / github.com/apache/httpd

Affected ranges

Type: GIT
Repo: https://github.com/apache/httpd
Events: Introduced

da5873e80d6eee7a0838793bf68f1d0254745fbb

Fixed

4654faee107e0c3a830c204a1dc94700705e8e86