CVE-2023-31122

CWE-125 — Out-of-bounds Read11 documents8 sources

Severity

7.5HIGH

EPSS

0.4%

top 37.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apache Software Foundation Apache Http Server Debian Debian Linux +1 more

Timeline

PublishedOct 23

Latest updateApr 15

Description

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/http_server< 2.4.58

▶CVEListV5apache_software_foundation/apache_http_server2.4.57

▶Debianapache2< 2.4.59-1~deb11u1+3

▶Ubuntuapache2< 2.4.41-4ubuntu3.15+1

Also affects: Debian Linux 10.0, Fedora 38

🔴Vulnerability Details

OSV

apache2 vulnerabilities↗2023-11-22

▶

CVEList

Apache HTTP Server: mod_macro buffer over-read↗2023-10-23

▶

OSV

CVE-2023-31122: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server↗2023-10-23

▶

GHSA

GHSA-xw7g-pw64-xph3: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server↗2023-10-23

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Security (Apache HTTP Server) — CVE-2023-31122↗2024-04-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Core (Apache HTTP Server) — CVE-2023-31122↗2024-01-15

▶

Ubuntu

Apache HTTP Server vulnerability↗2023-11-23

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2023-11-22

▶

Red Hat

httpd: mod_macro: out-of-bounds read vulnerability↗2023-10-19

▶