[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption
From:       John Helmert III <ajak () gentoo ! org>
Date:       2022-08-26 16:01:23
Message-ID: YwjuUy0a6FFdHPVB () gentoo ! org
[Download RAW message or body]


On Thu, Aug 25, 2022 at 02:09:16PM +0000, Joe Orton wrote:
> Severity: important
> 
> Description:
> 
> A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing \
> multipart form uploads.  A remote attacker could send a request causing a process crash which \
> could lead to a denial of service attack. 

Is there a fixed version or patch or upstream issue?


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]