Vulnerability Details CVE-2022-22728
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v3 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2022/08/25/3
- http://www.openwall.com/lists/oss-security/2022/08/25/4
- http://www.openwall.com/lists/oss-security/2022/08/26/4
- http://www.openwall.com/lists/oss-security/2022/12/29/1
- http://www.openwall.com/lists/oss-security/2022/12/30/4
- http://www.openwall.com/lists/oss-security/2022/12/31/1
- http://www.openwall.com/lists/oss-security/2022/12/31/5
- http://www.openwall.com/lists/oss-security/2023/01/02/1
- http://www.openwall.com/lists/oss-security/2023/01/02/2
- http://www.openwall.com/lists/oss-security/2023/01/03/2
- https://lists.apache.org/thread/2fsjoor96d47vtkpf76x4yo06nccvy1y
- https://lists.debian.org/debian-lts-announce/2023/01/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PUUS3JL44UUSLJTSXE46HVKZIW7E7PE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HZZKVHYYWACPWONPEFRNPIRE3HYLV4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE5MEHGIQUEIISBCVHM43IN2NBDXBFOJ/
- https://security.gentoo.org/glsa/202305-20
- http://www.openwall.com/lists/oss-security/2022/08/25/3
- http://www.openwall.com/lists/oss-security/2022/08/25/4
- http://www.openwall.com/lists/oss-security/2022/08/26/4
- http://www.openwall.com/lists/oss-security/2022/12/29/1
- http://www.openwall.com/lists/oss-security/2022/12/30/4
- http://www.openwall.com/lists/oss-security/2022/12/31/1
- http://www.openwall.com/lists/oss-security/2022/12/31/5
- http://www.openwall.com/lists/oss-security/2023/01/02/1
- http://www.openwall.com/lists/oss-security/2023/01/02/2
- http://www.openwall.com/lists/oss-security/2023/01/03/2
- https://lists.apache.org/thread/2fsjoor96d47vtkpf76x4yo06nccvy1y
- https://lists.debian.org/debian-lts-announce/2023/01/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PUUS3JL44UUSLJTSXE46HVKZIW7E7PE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HZZKVHYYWACPWONPEFRNPIRE3HYLV4T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE5MEHGIQUEIISBCVHM43IN2NBDXBFOJ/
- https://security.gentoo.org/glsa/202305-20
Products affected by CVE-2022-22728
-
cpe:2.3:a:apache:libapreq2:0.31
-
cpe:2.3:a:apache:libapreq2:0.31_03
-
cpe:2.3:a:apache:libapreq2:0.33
-
cpe:2.3:a:apache:libapreq2:1.0
-
cpe:2.3:a:apache:libapreq2:1.1
-
cpe:2.3:a:apache:libapreq2:1.2
-
cpe:2.3:a:apache:libapreq2:1.3
-
cpe:2.3:a:apache:libapreq2:1.33
-
cpe:2.3:a:apache:libapreq2:1.34
-
cpe:2.3:a:apache:libapreq2:2.01_03
-
cpe:2.3:a:apache:libapreq2:2.02_02
-
cpe:2.3:a:apache:libapreq2:2.03_04
-
cpe:2.3:a:apache:libapreq2:2.04_03
-
cpe:2.3:a:apache:libapreq2:2.05
-
cpe:2.3:a:apache:libapreq2:2.06
-
cpe:2.3:a:apache:libapreq2:2.07
-
cpe:2.3:a:apache:libapreq2:2.08
-
cpe:2.3:a:apache:libapreq2:2.12
-
cpe:2.3:a:apache:libapreq2:2.13
-
cpe:2.3:a:apache:libapreq2:2.15
-
cpe:2.3:a:apache:libapreq2:2.16
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37