CVE-2022-23943
Published: 14 March 2022
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.4.29-1ubuntu4.22)
|
focal |
Released
(2.4.41-4ubuntu3.10)
|
|
impish |
Released
(2.4.48-3.1ubuntu3.3)
|
|
jammy |
Released
(2.4.52-1ubuntu2)
|
|
trusty |
Released
(2.4.7-1ubuntu4.22+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Needs triage
|
|
xenial |
Released
(2.4.18-2ubuntu3.17+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
Patches: upstream: https://github.com/apache/httpd/commit/943f57b336f264d77e5b780c82ab73daf3d14deb upstream: https://github.com/apache/httpd/commit/e266bd09c313a668d7cca17a8b096d189148be49 upstream: https://svn.apache.org/viewvc?view=revision&revision=1898695 upstream: https://svn.apache.org/viewvc?view=revision&revision=1898772 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |