[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2022-22728Date: (C)2022-08-26   (M)2023-12-22


A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
FEDORA-2022-61f5b492b7
FEDORA-2022-9e5046934e
FEDORA-2022-cf658a432f
GLSA-202305-20
https://lists.debian.org/debian-lts-announce/2023/01/msg00009.html
http://www.openwall.com/lists/oss-security/2022/08/25/3
http://www.openwall.com/lists/oss-security/2022/08/25/4
http://www.openwall.com/lists/oss-security/2022/08/26/4
http://www.openwall.com/lists/oss-security/2022/12/29/1
http://www.openwall.com/lists/oss-security/2022/12/30/4
http://www.openwall.com/lists/oss-security/2022/12/31/5
http://www.openwall.com/lists/oss-security/2023/01/02/2
http://www.openwall.com/lists/oss-security/2023/01/03/2
https://lists.apache.org/thread/2fsjoor96d47vtkpf76x4yo06nccvy1y

CPE    1
cpe:/a:apache:libapreq2
CWE    1
CWE-120
OVAL    3
oval:org.secpod.oval:def:1601587
oval:org.secpod.oval:def:124190
oval:org.secpod.oval:def:124185

© SecPod Technologies