VDB
ALPINE-CVE-2022-23943
ALPINE-CVE-2022-23943
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.13 | apache2 | 0, 0, 2.4.9-r1 |
| Alpine:v3.18 | apache2 | 2.4.28-r0, 2.4.27-r2, 2.4.27-r1 |
| Alpine:v3.19 | apache2 | 2.2.16-r3, 2.4.38-r2, 2.4.17-r4 |
| Alpine:v3.16 | apache2 | 2.4.23-r7, 0, 2.4.9-r1 |
| Alpine:v3.21 | apache2 | 2.4.9-r1, 0, 2.2.16-r0 |
| Alpine:v3.15 | apache2 | 2.2.17-r1, 2.4.9-r0, 2.4.7-r0 |
| Alpine:v3.12 | apache2 | 0, 2.4.3-r2, 2.4.3-r0 |
| Alpine:v3.20 | apache2 | 2.4.37-r0, 0, 2.4.9-r1 |
| Alpine:v3.23 | apache2 | 2.4.23-r4, 2.4.41-r0, 2.4.23-r4 |
| Alpine:v3.14 | apache2 | 2.4.18-r2, 2.4.20-r0, 2.4.20-r1 |
| Alpine:v3.22 | apache2 | 2.4.17-r1, 2.2.16-r2, 0 |
| Alpine:v3.17 | apache2 | 2.2.16-r0, 0, 2.4.33-r0 |
| Alpine:v3.24 | apache2 | 0 |
Timeline
- Mar 14, 2022 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated