CVE-2022-23943
published 2022-03-14CVE-2022-23943: Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.4.0 < 2.4.53 | 2.4.53 |
| apache | httpd | — | — |
| apache_software_foundation | apache_http_server | 2.4 – 2.4.52 | — |
| debian | apache2 | < apache2 2.4.53-1 (bookworm) | apache2 2.4.53-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_httpd_2.4.53-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_httpd_2.4.53-1_on_cbl_mariner_1.0 | — | — |
| oracle | http_server | — | — |
| oracle | http_server | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| paloalto | pan-os | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL