QwikSec

Security Database

CVE

CWE

Training

CVE-2022-28614

Published: Jun 8, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache HTTP Server	affected `unspecified - <= 2.4.53`

Weaknesses (CWE)

References

https://httpd.apache.org/security/vulnerabilities_24.html

x_refsource_MISC

[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20220624-0005/

x_refsource_CONFIRM

FEDORA-2022-e620fb15d5

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-b54a8dee29

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.