Описание
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.24 |
| devel | released | 2.4.54-2ubuntu1 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.22+esm6 |
| esm-infra/bionic | released | 2.4.29-1ubuntu4.24 |
| esm-infra/focal | released | 2.4.41-4ubuntu3.12 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.17+esm6 |
| focal | released | 2.4.41-4ubuntu3.12 |
| impish | released | 2.4.48-3.1ubuntu3.5 |
| jammy | released | 2.4.52-1ubuntu4.1 |
| kinetic | released | 2.4.54-2ubuntu1 |
Показывать по
Ссылки на источники
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may ...
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.
5 Medium
CVSS2
5.3 Medium
CVSS3