oss-sec mailing list archives

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption


From: John Helmert III <ajak () gentoo org>
Date: Fri, 30 Dec 2022 15:53:48 -0600

On Thu, Dec 29, 2022 at 10:50:26AM +0100, Salvatore Bonaccorso wrote:
> Hi,
>
> On Fri, Aug 26, 2022 at 11:01:23AM -0500, John Helmert III wrote:
> > On Thu, Aug 25, 2022 at 02:09:16PM +0000, Joe Orton wrote:
> > > Severity: important
> > >
> > > Description:
> > >
> > > A flaw in libapreq2 versions 2.16 and earlier could cause a buffer
> > > overflow while processing multipart form uploads.  A remote
> > > attacker could send a request causing a process crash which could
> > > lead to a denial of service attack.
> >
> > Is there a fixed version or patch or upstream issue?
>
> Any pointers or information to this?
>
> Regards,
> Salvatore

Maybe it will help to loop in Apache's CNA contact address?
