Описание
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.54-1 | package | |
| apache2 | fixed | 2.4.54-1~deb11u1 | bullseye | package |
| apache2 | fixed | 2.4.38-3+deb10u8 | buster | package |
Примечания
https://www.openwall.com/lists/oss-security/2022/06/08/7
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556
https://github.com/apache/httpd/commit/3a561759fcb37af179585adb8478922dc9bc6a85
EPSS
Связанные уязвимости
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
Уязвимость функции r:wsread() модуля mod_lua веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS