{"id":"MGASA-2022-0105","summary":"Updated apache packages fix security vulnerability","details":"SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds.\nOut-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows\nan attacker to overwrite heap memory with possibly attacker provided data.\nCredits: Ronald Crane (Zippenhop LLC)\n\nSECURITY: CVE-2022-22721: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody\nIf LimitXMLRequestBody is set to allow request bodies larger  than 350MB\n(defaults to 1M) on 32 bit systems an integer overflow happens which later\ncauses out of bounds writes.\nCredits: Anonymous working with Trend Micro Zero Day Initiative\n\nSECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache\nHTTP Server 2.4.52 and earlier\nApache HTTP Server 2.4.52 and earlier fails to close inbound connection\nwhen errors are encountered discarding the request body, exposing the\nserver to HTTP Request Smuggling\nCredits: James Kettle \u003cjames.kettle portswigger.net\u003e\n\nSECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in\nr:parsebody\nA carefully crafted request body can cause a read to a random memory area\nwhich could cause the process to crash.\nCredits: Chamal De Silva\n","modified":"2026-02-01T21:57:08.059963Z","published":"2022-03-21T20:18:30Z","related":["CVE-2022-22719","CVE-2022-22720","CVE-2022-22721","CVE-2022-23943"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0105.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30170"},{"type":"REPORT","url":"https://downloads.apache.org/httpd/Announcement2.4.html"},{"type":"REPORT","url":"https://downloads.apache.org/httpd/CHANGES_2.4.53"},{"type":"REPORT","url":"https://httpd.apache.org/security/vulnerabilities_24.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.53-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0105.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}