VDB
DEBIAN-CVE-2022-22721
DEBIAN-CVE-2022-22721
PUBLISHED
CVSS 9.100000381469727 CRITICAL
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:11 | apache2 | 2.4.49-1, 2.4.49-2, 2.4.49-3 |
Exploit Intelligence
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
Timeline
- Mar 14, 2022 CVE Published
- Apr 28, 2026 CVE Updated