oss-sec mailing list archives
CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
From: Stefan Eissing <icing () apache org>
Date: Mon, 14 Mar 2022 10:07:40 +0000
Severity: low Description: If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credit: Anonymous working with Trend Micro Zero Day Initiative
Current thread:
- CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody Stefan Eissing (Mar 14)