You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Stefan Eissing <ic...@apache.org> on 2022/03/14 10:07:40 UTC
CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
Severity: low
Description:
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.
This issue affects Apache HTTP Server 2.4.52 and earlier.
Credit:
Anonymous working with Trend Micro Zero Day Initiative