{"containers":{"cna":{"affected":[{"product":"Apache HTTP Server","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"2.4.52","status":"affected","version":"Apache HTTP Server 2.4","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Anonymous working with Trend Micro Zero Day Initiative"}],"descriptions":[{"lang":"en","value":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier."}],"metrics":[{"other":{"content":{"other":"low"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-08-14T01:07:45.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["x_refsource_MISC"],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"name":"[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2022/03/14/2"},{"name":"FEDORA-2022-b4103753e9","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"},{"name":"[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"},{"name":"FEDORA-2022-21264ec6db","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"},{"name":"FEDORA-2022-78e3211c55","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220321-0001/"},{"name":"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2022/May/33"},{"name":"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2022/May/35"},{"name":"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2022/May/38"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT213257"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT213256"},{"tags":["x_refsource_CONFIRM"],"url":"https://support.apple.com/kb/HT213255"},{"name":"GLSA-202208-20","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202208-20"}],"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2021-12-16T00:00:00.000Z","value":"Reported to security team"}],"title":"core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2022-22721","STATE":"PUBLIC","TITLE":"core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache HTTP Server","version":{"version_data":[{"version_affected":"<=","version_name":"Apache HTTP Server 2.4","version_value":"2.4.52"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"credit":[{"lang":"eng","value":"Anonymous working with Trend Micro Zero Day Initiative"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{"other":"low"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190 Integer Overflow or Wraparound"}]}]},"references":{"reference_data":[{"name":"https://httpd.apache.org/security/vulnerabilities_24.html","refsource":"MISC","url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"name":"[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2022/03/14/2"},{"name":"FEDORA-2022-b4103753e9","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"},{"name":"[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"},{"name":"FEDORA-2022-21264ec6db","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"},{"name":"FEDORA-2022-78e3211c55","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"},{"name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"name":"https://security.netapp.com/advisory/ntap-20220321-0001/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20220321-0001/"},{"name":"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2022/May/33"},{"name":"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2022/May/35"},{"name":"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2022/May/38"},{"name":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"name":"https://support.apple.com/kb/HT213257","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT213257"},{"name":"https://support.apple.com/kb/HT213256","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT213256"},{"name":"https://support.apple.com/kb/HT213255","refsource":"CONFIRM","url":"https://support.apple.com/kb/HT213255"},{"name":"GLSA-202208-20","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202208-20"}]},"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2021-12-16T00:00:00.000Z","value":"Reported to security team"}]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:21:48.950Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"name":"[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/03/14/2"},{"name":"FEDORA-2022-b4103753e9","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"},{"name":"[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"},{"name":"FEDORA-2022-21264ec6db","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"},{"name":"FEDORA-2022-78e3211c55","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220321-0001/"},{"name":"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/May/33"},{"name":"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/May/35"},{"name":"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/May/38"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT213257"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT213256"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://support.apple.com/kb/HT213255"},{"name":"GLSA-202208-20","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202208-20"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2022-22721","datePublished":"2022-03-14T10:15:40.000Z","dateReserved":"2022-01-06T00:00:00.000Z","dateUpdated":"2024-08-03T03:21:48.950Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}