CVE-2022-22721

CWE-190 — Integer Overflow CWE-787 — Out-of-bounds Write13 documents10 sources

Severity

9.1CRITICAL

EPSS

13.2%

top 5.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple Macos Apache Software Foundation Apache Http Server +6 more

Timeline

PublishedMar 14

Latest updateJul 15

Description

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages8 packages

▶NVDapache/http_server2.4.52

▶CVEListV5apache_software_foundation/apache_http_serverApache HTTP Server 2.4 — 2.4.52

▶NVDoracle/http_server12.2.1.3.0, 12.2.1.4.0+1

▶Debianapache2< 2.4.53-1~deb11u1+3

▶NVDapple/macos11.0 — 11.6.6+1

Also affects: Debian Linux 9.0, Fedora 34, 35, 36

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-24r7-x8mx-hc2h: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later cau↗2022-03-15

▶

OSV

CVE-2022-22721: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later cau↗2022-03-14

▶

CVEList

core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody↗2022-03-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Networking (Apache HTTP Server) — CVE-2022-22721↗2022-07-15

▶

Apple

CVE-2022-22721: Security Update 2022-004 Catalina↗2022-05-16

▶

Apple

CVE-2022-22721: macOS Big Sur 11.6.6↗2022-05-16

▶

Apple

CVE-2022-22721: macOS Monterey 12.4↗2022-05-16

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2022-03-17

▶