VDB
DEBIAN-CVE-2022-28614
DEBIAN-CVE-2022-28614
PUBLISHED
CVSS 5.300000190734863 MEDIUM
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:14 | apache2 | 0, 0, 0 |
| Debian:11 | apache2 | 0, 2.4.48-3.1, 2.4.48-3.1 |
Timeline
- Jun 9, 2022 CVE Published
- Apr 28, 2026 CVE Updated