CVE-2022-22721

Summary

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HTTP ServerApache HTTP Server 2.4 <= 2.4.52affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References