What is CVE-2022-30522?

CVE-2022-30522 is a vulnerability in Apache Software Foundation Http Server, classified under CWE-789. Published 2022-06-08.

Is CVE-2022-30522 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2022-30522

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

EPSS: 0.904 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.53

Weakness classification (CWE)

CWE-789

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
[oss-security] 20220608 CVE-2022-30522: Apache HTTP Server: mod_sed denial of service (mailing-list, x_refsource_MLIST)
security.netapp.com/advisory/ntap-20220624-0005/ (x_refsource_CONFIRM)
FEDORA-2022-e620fb15d5 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2022-b54a8dee29 (vendor-advisory, x_refsource_FEDORA)
GLSA-202208-20 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2022-30522?: CVE-2022-30522 is a vulnerability in Apache Software Foundation Http Server, classified under CWE-789. Published 2022-06-08.
Is CVE-2022-30522 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.