List:       oss-security
Subject:    [oss-security] CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or
From:       Stefan Eissing <icing () apache ! org>
Date:       2022-03-14 10:07:40
Message-ID: 28650426-1002-ea94-54a5-71841b755b52 () apache ! org

Severity: low

Description:

If LimitXMLRequestBody is set to allow request bodies larger than 350MB
(defaults to 1M) on 32 bit systems an integer overflow happens which later
causes out of bounds writes.

This issue affects Apache HTTP Server 2.4.52 and earlier.

Credit:

Anonymous working with Trend Micro Zero Day Initiative
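
A configuration audit for the setting named in the description, added here as an example and not part of the original advisory or of Apache's code. It flags LimitXMLRequestBody values that allow bodies above the 350MB figure; reading "350MB" as 350 * 1024 * 1024 bytes, treating 0 as "no limit", and the sample configuration are assumptions.

```python
import re

# Assumption: the advisory's "350MB" is read as 350 * 1024 * 1024 bytes.
THRESHOLD_BYTES = 350 * 1024 * 1024

# Directive names are case-insensitive. A line starting with '#' is a comment
# and never matches, because the pattern is anchored at the start of the line.
DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\S+)", re.IGNORECASE)


def audit_config(text):
    """Return (line_number, value, reason) for each setting that needs review."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        raw = match.group(1)
        if not raw.isdigit():
            findings.append((lineno, raw, "value is not a plain byte count"))
            continue
        value = int(raw)
        if value == 0:
            # Assumption: 0 is treated as "no limit", which also permits
            # bodies above the threshold.
            findings.append((lineno, value, "no limit on XML request bodies"))
        elif value > THRESHOLD_BYTES:
            findings.append((lineno, value, "allows bodies larger than 350MB"))
    return findings


# Constructed sample configuration, not taken from any real server.
SAMPLE_CONFIG = """\
# LimitXMLRequestBody 999999999
LimitXMLRequestBody 1000000
<Directory "/var/www/dav">
    LimitXMLRequestBody 524288000
</Directory>
<Location /upload>
    limitxmlrequestbody 0
</Location>
"""

if __name__ == "__main__":
    for lineno, value, reason in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: LimitXMLRequestBody {value}: {reason}")
```

The script cannot tell whether the server is a 32 bit build or which httpd version is installed, so a finding only means the setting matches the condition in the description and those two facts still need checking.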