Apache – CVE-2022-22721

Description

Kayran has detected that the version of Apache HTTP Server in use has an ‘Integer Overflow or Wraparound’ vulnerability (CWE-190), also known as CVE-2022-22721.

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value.

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (the default is 1M) on 32-bit systems, an integer overflow occurs, which later causes out-of-bounds writes.

There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it could cause a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2022-22721, upgrade the version of Apache HTTP Server being used to 2.4.53.
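
The conditions in the description (an unfixed release, a 32-bit system, and a LimitXMLRequestBody above 350MB) can be checked against a server's version banner and configuration text. The Python sketch below is an added example, not Kayran's or the Apache project's code; the function names, the reading of 350MB as 350,000,000 bytes, the treatment of 0 as "no limit", and the sample configuration are assumptions.

```python
import re

FIXED = (2, 4, 53)         # release the advisory says to upgrade to
THRESHOLD = 350_000_000    # assumption: "350MB" read conservatively as decimal bytes

# Directive names are case-insensitive; the argument is a byte count.
DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\d+)\s*$", re.IGNORECASE)
VERSION = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# constructed sample
LimitXMLRequestBody 1000000
<Location "/dav">
    LimitXMLRequestBody 524288000
</Location>
"""

def parse_version(banner):
    """Extract (major, minor, patch) from a Server banner, or None."""
    m = VERSION.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None

def risky_limits(conf_text):
    """Return (line_number, value) for each limit above THRESHOLD.
    A value of 0 is also reported, assuming it means "no limit"."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and (int(m.group(1)) == 0 or int(m.group(1)) > THRESHOLD):
            hits.append((no, int(m.group(1))))
    return hits

def assess(banner, conf_text, is_32bit):
    """Classify a host as 'patched', 'exposed', 'upgrade' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown", []
    if version >= FIXED:
        return "patched", []
    hits = risky_limits(conf_text)
    # The overflow condition on the page needs both a 32-bit build and a large limit.
    return ("exposed" if is_32bit and hits else "upgrade"), hits

if __name__ == "__main__":
    print(assess("Apache/2.4.52 (Unix)", SAMPLE_CONF, is_32bit=True))
```

Distribution packages may backport the fix without changing the banner version, so confirm an "exposed" or "upgrade" result against the vendor's package changelog.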

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721

https://cwe.mitre.org/data/definitions/190.html
