VDB

ALPINE-CVE-2022-28615

ALPINE-CVE-2022-28615 PUBLISHED CVSS 9.100000381469727 CRITICAL

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

Risk Scores

CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.23apache20, 2.4.9-r1, 2.4.9-r0
Alpine:v3.22apache22.2.16-r0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.18apache22.4.9-r1, 2.4.9-r0, 2.4.7-r0
Alpine:v3.14apache22.4.3-r2, 0, 2.2.16-r1
Alpine:v3.19apache22.2.22-r1, 2.4.9-r1, 2.4.9-r0
Alpine:v3.13apache22.4.23-r4, 2.2.16-r0, 2.2.16-r1
Alpine:v3.16apache22.4.29-r0, 2.4.29-r1, 2.4.3-r0
Alpine:v3.17apache22.2.16-r3, 2.4.9-r1, 2.4.9-r0
Alpine:v3.21apache20, 2.4.29-r0, 2.4.29-r1
Alpine:v3.20apache22.4.6-r2, 2.2.16-r0, 2.4.9-r1
Alpine:v3.15apache20, 2.2.16-r0, 2.2.16-r1

Timeline

  • Jun 9, 2022 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›