CVE Vulnerabilities

CVE-2022-30556

Published: Jun 09, 2022 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
7.5 LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

Affected Software

Name Vendor Start Version End Version
Http_server Apache * 2.4.53 (including)
Red Hat Enterprise Linux 8 RedHat httpd:2.4-8070020220725152258.3b9f49c4 *
Red Hat Enterprise Linux 9 RedHat httpd-0:2.4.53-7.el9 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat httpd24-httpd-0:2.4.34-23.el7.5 *
Apache2 Ubuntu bionic *
Apache2 Ubuntu devel *
Apache2 Ubuntu esm-infra/xenial *
Apache2 Ubuntu focal *
Apache2 Ubuntu impish *
Apache2 Ubuntu jammy *
Apache2 Ubuntu kinetic *
Apache2 Ubuntu trusty/esm *
Apache2 Ubuntu upstream *

References