VDB

CESS-2022-22721

CESS-2022-22721 PUBLISHED CVSS 9.1 CRITICAL

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Risk Scores

CVSS 3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Timeline

  • Mar 14, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›