The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
References
Configurations
History
07 Nov 2023, 03:45
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Aug 2022, 18:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Netapp Netapp clustered Data Ontap Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-20 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220624-0005/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
15 Aug 2022, 11:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Jul 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jun 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2022, 14:28
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache
Apache http Server |
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/08/4 - Mailing List, Third Party Advisory | |
References | (MISC) https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
CWE | CWE-190 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
15 Jun 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
09 Jun 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28614
Mitre link : CVE-2022-28614
CVE.ORG link : CVE-2022-28614
JSON object : View
Products Affected
netapp
- clustered_data_ontap
apache
- http_server
fedoraproject
- fedora