-
mod_lua: Use of uninitialized value of in r:parsebody (moderate)
(CVE-2022-22719)
A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
-
HTTP request smuggling vulnerability (important) (CVE-2022-22720)
httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling
-
core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721)
If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.
-
mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.