Launchpad CVE tracker

CVE 2022-22721

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Related bugs and status

CVE-2022-22721 (Candidate) is related to these bugs:

Bug #1971248: Merge apache2 from Debian unstable for kinetic

Summary				In	Importance	Status
	1971248	Merge apache2 from Debian unstable for kinetic		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://httpd.apache.o...
MLIST: [oss-security] 2022031...
CONFIRM: https://security.netap...
FEDORA: FEDORA-2022-b4103753e9
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2022-21264ec6db
FEDORA: FEDORA-2022-78e3211c55
MISC: https://www.oracle.com...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
FULLDISC: 20220516 APPLE-SA-2022...
FULLDISC: 20220516 APPLE-SA-2022...
FULLDISC: 20220516 APPLE-SA-2022...
MISC: https://www.oracle.com...
GENTOO: GLSA-202208-20

Launchpad.net

CVE 2022-22721

Related bugs and status

Related bugs

References