Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 14 Mar 2022 10:07:40 +0000
From: Stefan Eissing <>
Subject: CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow
 with very large or unlimited LimitXMLRequestBody 

Severity: low


If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.

This issue affects Apache HTTP Server 2.4.52 and earlier.


Anonymous working with Trend Micro Zero Day Initiative

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.