What is CVE-2022-22719?

CVE-2022-22719 is a vulnerability in Apache Software Foundation Http Server, classified under Improper Initialization. Published 2022-03-14.

Is CVE-2022-22719 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2022-22719

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

Vulnerability class: Dirty Pipe (CVE-2022-0847)

EPSS: 0.698 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions Apache HTTP Server 2.4

Weakness classification (CWE)

CWE-665 — Improper Initialization

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
[oss-security] 20220314 CVE-2022-22719: Apache HTTP Server: mod_lua Use of uninitialized value of in r:parsebody (mailing-list, x_refsource_MLIST)
FEDORA-2022-b4103753e9 (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update (mailing-list, x_refsource_MLIST)
FEDORA-2022-21264ec6db (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-78e3211c55 (vendor-advisory, x_refsource_FEDORA)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220321-0001/ (x_refsource_CONFIRM)
support.apple.com/kb/HT213257 (x_refsource_CONFIRM)
support.apple.com/kb/HT213256 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-22719?: CVE-2022-22719 is a vulnerability in Apache Software Foundation Http Server, classified under Improper Initialization. Published 2022-03-14.
Is CVE-2022-22719 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.