Home

CVE-2022-22721

Description

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
16.88

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943 are fixed in Apache Apache 2.4.53Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.2Windows
Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.12Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.4 (Software Update) - AutoRebootMac
Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software UpdateMac
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debuginfo-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-debugsource-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-doc-2.4.51-35.13.1.noarch.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-example-pages-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-prefork-debuginfo-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-utils-debuginfo-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-2.4.51-35.13.1.x86_64.rpmLinux
SUSE-SU-2022:0928-1(SUSE Linux Enterprise Server 12-SP5 ) apache2-worker-debuginfo-2.4.51-35.13.1.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-core-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-debugsource-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-devel-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-filesystem-2.4.53-7.el9.noarch.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-manual-2.4.53-7.el9.noarch.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update httpd-tools-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_ldap-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_lua-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_proxy_html-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_session-2.4.53-7.el9.x86_64.rpmLinux
(RHSA-2022:8067) httpd security, bug fix, and enhancement update mod_ssl-2.4.53-7.el9.x86_64.rpmLinux
Vulnerabilities CVE-2022-22719,CVE-2022-22720,CVE-2022-22721,CVE-2022-23943 are fixed in Apache Apache 2.4.53 (For Linux)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-605753MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234