oss-sec mailing list archives

CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

From: Joe Orton <jorton () apache org>
Date: Thu, 25 Aug 2022 14:09:16 +0000

Severity: important

Description:

A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads.  A 
remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Current thread:

CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Joe Orton (Aug 25)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Alex Gaynor (Aug 25)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Aug 26)