libapreq2 multipart form parse memory corruption
CVE-2022-22728

7.5HIGH

Key Information:

Vendor: Apache
Status: Libapreq2
Vendor: CVE Published:; 25 August 2022

Summary

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Affected Version(s)

libapreq2 <= 2.16

References

https://lists.apache.org/thread/2fsjoor96d47vtkpf76x4yo06...

http://www.openwall.com/lists/oss-security/2022/08/25/4

mailing-list

http://www.openwall.com/lists/oss-security/2022/08/25/3

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Jan 6, 2022