oss-sec mailing list archives
CVE-2022-30522: Apache HTTP Server: mod_sed denial of service
From: Stefan Eissing <icing () apache org>
Date: Wed, 08 Jun 2022 09:43:44 +0000
Severity: low Description: If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. Credit: This issue was found by Brian Moussalli from the JFrog Security Research team References: https://httpd.apache.org/security/vulnerabilities_24.html
Current thread:
- CVE-2022-30522: Apache HTTP Server: mod_sed denial of service Stefan Eissing (Jun 08)