OESA-2022-1596

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1596
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1596.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1596
Upstream
Published
2022-03-26T11:03:40Z
Modified
2025-08-12T05:12:29.069690Z
Summary
httpd security update
Details

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.

Security Fix(es):

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.(CVE-2022-23943)

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.(CVE-2022-22721)

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling(CVE-2022-22720)

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.(CVE-2022-22719)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / httpd

Package

Name
httpd
Purl
pkg:rpm/openEuler/httpd&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.43-14.oe1

Ecosystem specific 

{
    "aarch64": [
        "mod_ssl-2.4.43-14.oe1.aarch64.rpm",
        "httpd-tools-2.4.43-14.oe1.aarch64.rpm",
        "mod_ldap-2.4.43-14.oe1.aarch64.rpm",
        "httpd-devel-2.4.43-14.oe1.aarch64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.aarch64.rpm",
        "httpd-2.4.43-14.oe1.aarch64.rpm",
        "mod_proxy_html-2.4.43-14.oe1.aarch64.rpm",
        "mod_md-2.4.43-14.oe1.aarch64.rpm",
        "mod_session-2.4.43-14.oe1.aarch64.rpm",
        "httpd-debugsource-2.4.43-14.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "mod_md-2.4.43-14.oe1.x86_64.rpm",
        "httpd-2.4.43-14.oe1.x86_64.rpm",
        "mod_ssl-2.4.43-14.oe1.x86_64.rpm",
        "httpd-tools-2.4.43-14.oe1.x86_64.rpm",
        "httpd-devel-2.4.43-14.oe1.x86_64.rpm",
        "mod_ldap-2.4.43-14.oe1.x86_64.rpm",
        "mod_proxy_html-2.4.43-14.oe1.x86_64.rpm",
        "mod_session-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debugsource-2.4.43-14.oe1.x86_64.rpm"
    ],
    "src": [
        "httpd-2.4.43-14.oe1.src.rpm"
    ],
    "noarch": [
        "httpd-help-2.4.43-14.oe1.noarch.rpm",
        "httpd-filesystem-2.4.43-14.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / httpd

Package

Name
httpd
Purl
pkg:rpm/openEuler/httpd&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.43-14.oe1

Ecosystem specific 

{
    "aarch64": [
        "mod_session-2.4.43-14.oe1.aarch64.rpm",
        "mod_ldap-2.4.43-14.oe1.aarch64.rpm",
        "httpd-tools-2.4.43-14.oe1.aarch64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.aarch64.rpm",
        "mod_md-2.4.43-14.oe1.aarch64.rpm",
        "mod_proxy_html-2.4.43-14.oe1.aarch64.rpm",
        "httpd-debugsource-2.4.43-14.oe1.aarch64.rpm",
        "httpd-2.4.43-14.oe1.aarch64.rpm",
        "httpd-devel-2.4.43-14.oe1.aarch64.rpm",
        "mod_ssl-2.4.43-14.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "httpd-2.4.43-14.oe1.x86_64.rpm",
        "mod_session-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debugsource-2.4.43-14.oe1.x86_64.rpm",
        "httpd-devel-2.4.43-14.oe1.x86_64.rpm",
        "httpd-tools-2.4.43-14.oe1.x86_64.rpm",
        "mod_ssl-2.4.43-14.oe1.x86_64.rpm",
        "mod_proxy_html-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.x86_64.rpm",
        "mod_md-2.4.43-14.oe1.x86_64.rpm",
        "mod_ldap-2.4.43-14.oe1.x86_64.rpm"
    ],
    "src": [
        "httpd-2.4.43-14.oe1.src.rpm"
    ],
    "noarch": [
        "httpd-filesystem-2.4.43-14.oe1.noarch.rpm",
        "httpd-help-2.4.43-14.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / httpd

Package

Name
httpd
Purl
pkg:rpm/openEuler/httpd&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.43-14.oe1

Ecosystem specific 

{
    "aarch64": [
        "httpd-debugsource-2.4.43-14.oe1.aarch64.rpm",
        "httpd-devel-2.4.43-14.oe1.aarch64.rpm",
        "mod_proxy_html-2.4.43-14.oe1.aarch64.rpm",
        "mod_session-2.4.43-14.oe1.aarch64.rpm",
        "mod_ldap-2.4.43-14.oe1.aarch64.rpm",
        "httpd-tools-2.4.43-14.oe1.aarch64.rpm",
        "httpd-2.4.43-14.oe1.aarch64.rpm",
        "mod_md-2.4.43-14.oe1.aarch64.rpm",
        "mod_ssl-2.4.43-14.oe1.aarch64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "mod_proxy_html-2.4.43-14.oe1.x86_64.rpm",
        "httpd-devel-2.4.43-14.oe1.x86_64.rpm",
        "mod_ldap-2.4.43-14.oe1.x86_64.rpm",
        "mod_session-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debuginfo-2.4.43-14.oe1.x86_64.rpm",
        "httpd-tools-2.4.43-14.oe1.x86_64.rpm",
        "mod_ssl-2.4.43-14.oe1.x86_64.rpm",
        "mod_md-2.4.43-14.oe1.x86_64.rpm",
        "httpd-2.4.43-14.oe1.x86_64.rpm",
        "httpd-debugsource-2.4.43-14.oe1.x86_64.rpm"
    ],
    "src": [
        "httpd-2.4.43-14.oe1.src.rpm"
    ],
    "noarch": [
        "httpd-filesystem-2.4.43-14.oe1.noarch.rpm",
        "httpd-help-2.4.43-14.oe1.noarch.rpm"
    ]
}