oss-sec mailing list archives

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption


From: Alex Gaynor <alex.gaynor () gmail com>
Date: Thu, 25 Aug 2022 15:56:47 -0400

Is this a READ or WRITE buffer overflow?

Thanks,
Alex

On Thu, Aug 25, 2022 at 3:52 PM Joe Orton <jorton () apache org> wrote:

Severity: important

Description:

A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads.  
A remote attacker could send a request causing a process crash which could lead to a denial of service attack.



-- 
All that is necessary for evil to succeed is for good people to do nothing.

