Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

2023-01-04 Thread Arnout Engelen
pache.org on > behalf of Apache Security Team > Sent: Monday, January 2, 2023 7:30:43 AM > To: dev@httpd.apache.org > Cc: Apache Security Team > Subject: Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory > corruption > > Hi, > > I noticed there

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

2023-01-02 Thread Joe Schaefer
To: dev@httpd.apache.org
Cc: Apache Security Team
Subject: Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

Hi, I noticed there was some confusion online as to whether this issue is fixed in 2.17 (https://www.openwall.com/lists/oss-security/2022/08/26/4). Unless

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

2023-01-02 Thread Apache Security Team
Hi, I noticed there was some confusion online as to whether this issue is fixed in 2.17 (https://www.openwall.com/lists/oss-security/2022/08/26/4). Unless anyone objects I'll amend the CVE text to make it explicit that users are recommended to update to 2.17 or later. Luckily with the new CVE

CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

2022-08-25 Thread Joe Orton
Severity: important

Description: A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.