oss-sec mailing list archives
Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 29 Dec 2022 10:50:26 +0100
Hi, On Fri, Aug 26, 2022 at 11:01:23AM -0500, John Helmert III wrote:
On Thu, Aug 25, 2022 at 02:09:16PM +0000, Joe Orton wrote:Severity: important Description: A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.Is there a fixed version or patch or upstream issue?
Any pointers or information to this? Regards, Salvatore
Current thread:
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Salvatore Bonaccorso (Dec 29)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 30)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Dec 31)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 31)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Arnout Engelen (Dec 31)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Dec 30)