Important: libapreq2

2022-09-3002:41:00

alas.aws.amazon.com

apache

libapreq2

buffer overflow

cve-2022-22728

denial of service

update

packages

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.029 Low

EPSS

Percentile

90.8%

JSON

Issue Overview:

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. (CVE-2022-22728)

Affected Packages:

libapreq2

Issue Correction:
Run yum update libapreq2 to update your system.

New Packages:

i686:  
    libapreq2-2.13-38.3.amzn1.i686  
    libapreq2-libs-2.13-38.3.amzn1.i686  
    libapreq2-devel-2.13-38.3.amzn1.i686  
    perl-libapreq2-2.13-38.3.amzn1.i686  
    libapreq2-debuginfo-2.13-38.3.amzn1.i686  
  
src:  
    libapreq2-2.13-38.3.amzn1.src  
  
x86_64:  
    libapreq2-libs-2.13-38.3.amzn1.x86_64  
    perl-libapreq2-2.13-38.3.amzn1.x86_64  
    libapreq2-debuginfo-2.13-38.3.amzn1.x86_64  
    libapreq2-devel-2.13-38.3.amzn1.x86_64  
    libapreq2-2.13-38.3.amzn1.x86_64

Additional References

Red Hat: CVE-2022-22728

Mitre: CVE-2022-22728

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686libapreq2< 2.13-38.3.amzn1libapreq2-2.13-38.3.amzn1.i686.rpm
Amazon Linux1i686libapreq2-libs< 2.13-38.3.amzn1libapreq2-libs-2.13-38.3.amzn1.i686.rpm
Amazon Linux1i686libapreq2-devel< 2.13-38.3.amzn1libapreq2-devel-2.13-38.3.amzn1.i686.rpm
Amazon Linux1i686perl-libapreq2< 2.13-38.3.amzn1perl-libapreq2-2.13-38.3.amzn1.i686.rpm
Amazon Linux1i686libapreq2-debuginfo< 2.13-38.3.amzn1libapreq2-debuginfo-2.13-38.3.amzn1.i686.rpm
Amazon Linux1x86_64libapreq2-libs< 2.13-38.3.amzn1libapreq2-libs-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux1x86_64perl-libapreq2< 2.13-38.3.amzn1perl-libapreq2-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux1x86_64libapreq2-debuginfo< 2.13-38.3.amzn1libapreq2-debuginfo-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux1x86_64libapreq2-devel< 2.13-38.3.amzn1libapreq2-devel-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux1x86_64libapreq2< 2.13-38.3.amzn1libapreq2-2.13-38.3.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	libapreq2	< 2.13-38.3.amzn1	libapreq2-2.13-38.3.amzn1.i686.rpm
Amazon Linux	1	i686	libapreq2-libs	< 2.13-38.3.amzn1	libapreq2-libs-2.13-38.3.amzn1.i686.rpm
Amazon Linux	1	i686	libapreq2-devel	< 2.13-38.3.amzn1	libapreq2-devel-2.13-38.3.amzn1.i686.rpm
Amazon Linux	1	i686	perl-libapreq2	< 2.13-38.3.amzn1	perl-libapreq2-2.13-38.3.amzn1.i686.rpm
Amazon Linux	1	i686	libapreq2-debuginfo	< 2.13-38.3.amzn1	libapreq2-debuginfo-2.13-38.3.amzn1.i686.rpm
Amazon Linux	1	x86_64	libapreq2-libs	< 2.13-38.3.amzn1	libapreq2-libs-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	perl-libapreq2	< 2.13-38.3.amzn1	perl-libapreq2-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	libapreq2-debuginfo	< 2.13-38.3.amzn1	libapreq2-debuginfo-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	libapreq2-devel	< 2.13-38.3.amzn1	libapreq2-devel-2.13-38.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	libapreq2	< 2.13-38.3.amzn1	libapreq2-2.13-38.3.amzn1.x86_64.rpm