You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Stefan Eissing <ic...@apache.org> on 2022/03/14 10:07:40 UTC

CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

Severity: low

Description:

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.

This issue affects Apache HTTP Server 2.4.52 and earlier.

Credit:

Anonymous working with Trend Micro Zero Day Initiative