CVE
CVE-2022-28614
| CVE ID |
CVE-2022-28614
|
|---|---|
| CVSS Score |
5.3
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
2.4.6-99_ol005.el7.1
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-28614
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.