CVE-2022-23943

CRITICAL

Apache HTTP Server <2.4.52 - Memory Corruption

Title source: llm

Description

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker-provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

References (11)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/03/14/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2022-08
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220321-0001/
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2022-09
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-20

Scores

CVSS v3: 9.8
EPSS: 0.6055
EPSS Percentile: 98.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-190, CWE-787
Status: published
Products (8):
apache/http_server 2.4.0 - 2.4.53
debian/debian_linux 9.0
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
oracle/http_server 12.2.1.3.0
oracle/http_server 12.2.1.4.0
oracle/zfs_storage_appliance_kit 8.8
Published: Mar 14, 2022
Tracked Since: Feb 18, 2026