UBUNTU-CVE-2022-28614
- Source
- https://ubuntu.com/security/CVE-2022-28614
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-28614.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-28614
- Related
- Published
- 2022-06-09T17:15:00Z
- Modified
- 2022-06-09T17:15:00Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The aprwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite() or aprputs(), such as with modluas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'aprputs' function and may pass it a very large (INTMAX or larger) string must be compiled against current headers to resolve the issue.
- References
-
- https://ubuntu.com/security/CVE-2022-28614
- https://www.openwall.com/lists/oss-security/2022/06/08/4
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614
- https://ubuntu.com/security/notices/USN-5487-1
- https://ubuntu.com/security/notices/USN-5487-2
- https://ubuntu.com/security/notices/USN-5487-3
- https://www.cve.org/CVERecord?id=CVE-2022-28614
Affected packages
Ubuntu:Pro:14.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.7-1ubuntu4.22+esm6
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-mpm-event"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-mpm-itk"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-mpm-prefork"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-mpm-worker"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-suexec"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2-utils-dbgsym"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm6",
"binary_name": "apache2.2-bin"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm6",
"binary_name": "libapache2-mod-macro"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm6",
"binary_name": "libapache2-mod-proxy-html"
}
]
}
Ubuntu:Pro:16.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.18-2ubuntu3.17+esm6
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-dev-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm6",
"binary_name": "apache2-utils-dbgsym"
}
]
}
Ubuntu:18.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.29-1ubuntu4.24
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-dbg"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.29-1ubuntu4.24",
"binary_name": "apache2-utils"
}
]
}
Ubuntu:20.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.41-4ubuntu3.12
Affected versions
2.*
2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "apache2-utils-dbgsym"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.41-4ubuntu3.12",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}
Ubuntu:22.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.52-1ubuntu4.1
Affected versions
2.*
2.4.48-3.1ubuntu3
2.4.48-3.1ubuntu4
2.4.51-2ubuntu1
2.4.52-1ubuntu1
2.4.52-1ubuntu2
2.4.52-1ubuntu4
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-bin-dbgsym"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-doc"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-suexec-custom-dbgsym"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-suexec-pristine-dbgsym"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "apache2-utils-dbgsym"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.52-1ubuntu4.1",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}