Description
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.
Report
This flaw only affects configurations with mod_macro loaded and when a very long macro is configured and used, specifically a macro longer than 8191 characters. If these conditions are not present, the server is not affected and no further mitigation is needed. For more information about the mitigation, see the mitigation section below. The httpd mod_macro module is enabled by default in Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no macros used in the default httpd configuration.
Mitigation
Disabling mod_macro and restarting httpd, or making sure the macros used are shorter than the length required to trigger this vulnerability, will mitigate this flaw. Furthermore, it's unlikely that a very long macro with the length needed to trigger this issue is being used.
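One way to check a configuration against the two conditions named above (mod_macro loaded, and a macro longer than 8191 characters), as an added example that is not part of the advisory or any vendor tooling. The function name `audit_config`, the sample macros and the way length is measured are assumptions; `Include` directives are not followed, so pass it the concatenated text of all configuration files.

```python
import re

LIMIT = 8191  # length threshold quoted in the advisory text above
LOAD_RE = re.compile(r"^\s*LoadModule\s+macro_module\b", re.I)
OPEN_RE = re.compile(r"^\s*<Macro\s+([^\s>]+)", re.I)
CLOSE_RE = re.compile(r"^\s*</Macro>", re.I)


def audit_config(text, limit=LIMIT):
    """Return (mod_macro_loaded, findings) for one blob of httpd config.

    Assumption: the advisory does not define how length is measured, so a
    macro is flagged if its whole definition or any one line exceeds limit.
    """
    loaded, findings = False, []
    name, body, start = None, [], 0
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives do not count
        if LOAD_RE.match(line):
            loaded = True
        opened = OPEN_RE.match(line)
        if name is None and opened:
            name, body, start = opened.group(1), [line], lineno
        elif name is not None:
            body.append(line)
            if CLOSE_RE.match(line):
                total = len("\n".join(body))
                longest = max(len(l) for l in body)
                if total > limit or longest > limit:
                    findings.append({"name": name, "line": start,
                                     "total": total, "longest_line": longest})
                name = None
    return loaded, findings


def sample_config():
    """Constructed sample: one short macro and one oversized macro."""
    long_line = "Require ip " + "10.0.0.1 " * 1000  # 9011 characters
    return "\n".join([
        "LoadModule macro_module modules/mod_macro.so",
        "<Macro VHost $name>", "  ServerName $name", "</Macro>",
        "<Macro BigAcl>", long_line, "</Macro>",
        "Use VHost example.test",
    ])


if __name__ == "__main__":
    print(audit_config(sample_config()))
```

A host is in scope for the mitigation only when the first return value is true and the findings list is non-empty.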
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
OpenShift Pipelines | httpd | Affected | | |
Red Hat Enterprise Linux 6 | httpd | Out of support scope | | |
Red Hat Enterprise Linux 7 | httpd | Out of support scope | | |
Red Hat JBoss Enterprise Application Platform 6 | httpd22 | Out of support scope | | |
Red Hat OpenShift Data Science (RHODS) | httpd | Will not fix | | |
Red Hat OpenShift GitOps | httpd | Will not fix | | |
Red Hat OpenStack Platform 16.1 | httpd | Not affected | | |
Red Hat OpenStack Platform 16.2 | httpd | Not affected | | |
Red Hat OpenStack Platform 17.1 | httpd | Not affected | | |
Red Hat OpenStack Platform 18.0 | httpd | Not affected | | |
Additional information
CVSS3: 7.5 High