CVE-2022-23943

Опубликовано: 14 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Ссылки

http://www.openwall.com/lists/oss-security/2022/03/14/1
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
Third Party Advisory
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2022-08
Third Party Advisory
https://www.tenable.com/security/tns-2022-09
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/03/14/1
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
Third Party Advisory
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.4.0 (включая) до 2.4.53 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.67604

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

CWE-787

Связанные уязвимости

CVE-2022-23943

CVSS3: 9.8

ubuntu

почти 4 года назад

CVE-2022-23943

CVSS3: 8.1

redhat

почти 4 года назад

CVE-2022-23943

CVSS3: 9.8

msrc

почти 4 года назад

mod_sed: Read/write beyond bounds

CVE-2022-23943

CVSS3: 9.8

debian

почти 4 года назад

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...

GHSA-778r-vp3x-2f8c

CVSS3: 9.8

github

почти 4 года назад

EPSS

Процентиль: 99%

0.67604

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

CWE-787