CVE-2022-22721
Published: 14 March 2022
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Priority
CVSS 3 base score: 9.1
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.4.29-1ubuntu4.22)
|
focal |
Released
(2.4.41-4ubuntu3.10)
|
|
impish |
Released
(2.4.48-3.1ubuntu3.3)
|
|
jammy |
Released
(2.4.52-1ubuntu2)
|
|
trusty |
Released
(2.4.7-1ubuntu4.22+esm4)
|
|
upstream |
Released
(2.4.53)
|
|
xenial |
Released
(2.4.18-2ubuntu3.17+esm5)
|
|
Patches: upstream: https://github.com/apache/httpd/commit/5a72f0fe6f2f8ce35c45242e99a421dc19251ab5 (2.4) upstream: https://svn.apache.org/viewvc?view=revision&revision=1898693 (2.4) |