oss-sec mailing list archives
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption
From: Alex Gaynor <alex.gaynor () gmail com>
Date: Thu, 25 Aug 2022 15:56:47 -0400
Is this a READ or WRITE buffer overflow?

Thanks,
Alex

On Thu, Aug 25, 2022 at 3:52 PM Joe Orton <jorton () apache org> wrote:

Severity: important

Description:

A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
-- All that is necessary for evil to succeed is for good people to do nothing.