Date: Wed, 08 Jun 2022 09:45:13 +0000 From: Stefan Eissing <icing@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match() Severity: low Description: Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. Credit: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue References: https://httpd.apache.org/security/vulnerabilities_24.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.