The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-06-08T10:00:48
Updated: 2024-08-03T05:56:16.107Z
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28614
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-09T17:15:09.180
Modified: 2024-11-21T06:57:35.057
Link: CVE-2022-28614
Redhat