CVE-2022-22721
core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
Affected products
Apache Software Foundation · Apache HTTP ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2022/May/33http://seclists.org/fulldisclosure/2022/May/35http://seclists.org/fulldisclosure/2022/May/38https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.debian.org/debian-lts-announce/2022/03/msg00033.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/https://security.gentoo.org/glsa/202208-20https://security.netapp.com/advisory/ntap-20220321-0001/https://support.apple.com/kb/HT213255https://support.apple.com/kb/HT213256