CVE-2022-22721

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22721
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/fulldisclosure/2022/May/33 Third Party Advisory
http://seclists.org/fulldisclosure/2022/May/35 Third Party Advisory
http://seclists.org/fulldisclosure/2022/May/38 Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/03/14/2 Mailing List Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
https://security.gentoo.org/glsa/202208-20 Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/ Third Party Advisory
https://support.apple.com/kb/HT213255 Third Party Advisory
https://support.apple.com/kb/HT213256 Third Party Advisory
https://support.apple.com/kb/HT213257 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
History

07 Nov 2023, 03:43

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/', 'name': 'FEDORA-2022-21264ec6db', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/', 'name': 'FEDORA-2022-78e3211c55', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/', 'name': 'FEDORA-2022-b4103753e9', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ -

02 Nov 2022, 13:18

Type Values Removed Values Added
First Time Apple mac Os X
CPE cpe:2.3:o:apple:macos:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-001:*:*:*:*:*:*		 cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*

30 Aug 2022, 15:53

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-002:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2022-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-004:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2022-002:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-005:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2022-003:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-006:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-008:*:*:*:*:*:*
cpe:2.3:o:apple:macos:10.15.7:security_update_2021-007:*:*:*:*:*:*
First Time Oracle zfs Storage Appliance Kit
Apple
Oracle enterprise Manager Ops Center
Apple macos
Oracle http Server
Oracle
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - Mailing List, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2022/May/38 - (FULLDISC) http://seclists.org/fulldisclosure/2022/May/38 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202208-20 - (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213256 - (CONFIRM) https://support.apple.com/kb/HT213256 - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213257 - (CONFIRM) https://support.apple.com/kb/HT213257 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2022/May/33 - (FULLDISC) http://seclists.org/fulldisclosure/2022/May/33 - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2022/May/35 - (FULLDISC) http://seclists.org/fulldisclosure/2022/May/35 - Third Party Advisory
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References (CONFIRM) https://support.apple.com/kb/HT213255 - (CONFIRM) https://support.apple.com/kb/HT213255 - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - Third Party Advisory (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - Mailing List, Third Party Advisory
CVSS v2 : 6.8
v3 : 9.8 		v2 : 5.8
v3 : 9.1

15 Aug 2022, 11:17

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-20 -

25 Jul 2022, 18:19

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

17 May 2022, 07:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/33 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/35 -
  • (FULLDISC) http://seclists.org/fulldisclosure/2022/May/38 -

16 May 2022, 20:15

Type Values Removed Values Added
References
  • (CONFIRM) https://support.apple.com/kb/HT213256 -
  • (CONFIRM) https://support.apple.com/kb/HT213257 -
  • (CONFIRM) https://support.apple.com/kb/HT213255 -

20 Apr 2022, 00:16

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

18 Apr 2022, 18:56

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220321-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220321-0001/ - Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux
Fedoraproject fedora
Fedoraproject

26 Mar 2022, 19:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ -

26 Mar 2022, 00:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ -

22 Mar 2022, 10:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html -

22 Mar 2022, 06:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ -

21 Mar 2022, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220321-0001/ -

18 Mar 2022, 18:59

Type Values Removed Values Added
CWE CWE-190
CVSS v2 : unknown
v3 : unknown 		v2 : 6.8
v3 : 9.8
CPE cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
First Time Apache http Server
Apache
References (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/03/14/2 - (MLIST) http://www.openwall.com/lists/oss-security/2022/03/14/2 - Mailing List, Third Party Advisory

14 Mar 2022, 15:51

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/03/14/2 -

14 Mar 2022, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-03-14 11:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22721

Mitre link : CVE-2022-22721

CVE.ORG link : CVE-2022-22721

JSON object : View

Products Affected

oracle

  • zfs_storage_appliance_kit
  • enterprise_manager_ops_center
  • http_server

apple

  • macos
  • mac_os_x

debian

  • debian_linux

fedoraproject

  • fedora

apache

  • http_server
CWE
CWE-190

Integer Overflow or Wraparound