CVE Published: 08/06/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2022 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache HTTP Server Status : PUBLISHED
CVE-2022-28614 Description
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the \'ap_rputs\' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.