Buffer overflow in Apache Software Foundation Http Server
CVE-2022-23943
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker-provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Vulnerability class: Buffer Overflow
EPSS: 0.606 (98.3rd percentile)
Affected products
- Apache Software Foundation Http Server — versions 2.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
- [oss-security] 20220314 CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond bounds (mailing-list, x_refsource_MLIST)
- FEDORA-2022-b4103753e9 (vendor-advisory, x_refsource_FEDORA)
- [debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update (mailing-list, x_refsource_MLIST)
- FEDORA-2022-21264ec6db (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2022-78e3211c55 (vendor-advisory, x_refsource_FEDORA)
- www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
- www.tenable.com/security/tns-2022-08 (x_refsource_CONFIRM)
- security.netapp.com/advisory/ntap-20220321-0001/ (x_refsource_CONFIRM)
- www.tenable.com/security/tns-2022-09 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-23943?
- CVE-2022-23943 is a vulnerability in Apache Software Foundation Http Server, classified under Out-of-bounds Write. Published 2022-03-14.
- Is CVE-2022-23943 known to be exploited?
- 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.