CVE-2022-22719

HIGH

Apache HTTP Server <2.4.52 - Memory Corruption

Title source: llm

Description

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

References (15)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/03/14/4
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213257
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213256
Third Party Advisory x_refsource_confirm
https://support.apple.com/kb/HT213255
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/33
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/35
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/May/38
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-20

Scores

CVSS v3 7.5
EPSS 0.6980
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-665
Status published
Products (10)
apache/http_server < 2.4.52
apple/mac_os_x 10.15.7 (13 CPE variants)
apple/macos < 10.15.7
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
oracle/http_server 12.2.1.3.0
oracle/http_server 12.2.1.4.0
oracle/zfs_storage_appliance_kit 8.8
Published Mar 14, 2022
Tracked Since Feb 18, 2026