CVE-2022-23943

Опубликовано: 14 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

Ссылки

http://www.openwall.com/lists/oss-security/2022/03/14/1
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
Third Party Advisory
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2022-08
Third Party Advisory
https://www.tenable.com/security/tns-2022-09
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/03/14/1
Mailing List
Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
Third Party Advisory
https://security.gentoo.org/glsa/202208-20
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.4.0 (включая) до 2.4.53 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.65905

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

CWE-787

Связанные уязвимости

CVE-2022-23943

CVSS3: 9.8

ubuntu

больше 3 лет назад

CVE-2022-23943

CVSS3: 8.1

redhat

больше 3 лет назад

CVE-2022-23943

CVSS3: 9.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2022-23943

CVSS3: 9.8

debian

больше 3 лет назад

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...

GHSA-778r-vp3x-2f8c

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 98%

0.65905

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-190

CWE-787