Lucene search

K

ApacheCVELIST:CVE-2022-22728

HistoryAug 25, 2022 - 12:00 a.m.

CVE-2022-22728 libapreq2 multipart form parse memory corruption

2022-08-2500:00:00

CWE-120

apache

www.cve.org

1

apache

libapreq2

buffer overflow

multipart form

denial of service

0.029 Low

EPSS

Percentile

90.8%

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "libapreq2",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2022/08/25/3

www.openwall.com/lists/oss-security/2022/08/25/4

www.openwall.com/lists/oss-security/2022/08/26/4

www.openwall.com/lists/oss-security/2022/12/29/1

www.openwall.com/lists/oss-security/2022/12/30/4

www.openwall.com/lists/oss-security/2022/12/31/1

www.openwall.com/lists/oss-security/2022/12/31/5

www.openwall.com/lists/oss-security/2023/01/02/1

www.openwall.com/lists/oss-security/2023/01/02/2

www.openwall.com/lists/oss-security/2023/01/03/2

lists.apache.org/thread/2fsjoor96d47vtkpf76x4yo06nccvy1y

lists.debian.org/debian-lts-announce/2023/01/msg00009.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PUUS3JL44UUSLJTSXE46HVKZIW7E7PE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HZZKVHYYWACPWONPEFRNPIRE3HYLV4T/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE5MEHGIQUEIISBCVHM43IN2NBDXBFOJ/

security.gentoo.org/glsa/202305-20

0.029 Low

EPSS

Percentile

90.8%

Related for CVELIST:CVE-2022-22728

fedora3 nessus3 prion1 ubuntucve1 gentoo1 amazon1 openvas5 cve1 debiancve1 debian1 mageia1 osv1 nvd1