CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2022-22728 – libapreq2 multipart form parse memory corruption
https://notcve.org/view.php?id=CVE-2022-22728
25 Aug 2022 — A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. Un fallo en Apache libapreq2 versiones 2.16 y anteriores, podría causar un desbordamiento de búfer mientras son procesadas cargas de formularios multiparte. Un atacante remoto podría enviar una solicitud que causara un bloqueo del proceso, lo que podría conllevar a un ataque d... • http://www.openwall.com/lists/oss-security/2022/08/25/3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 7%CPEs: 3EXPL: 0CVE-2006-0042
https://notcve.org/view.php?id=CVE-2006-0042
18 Feb 2006 — Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. Vulnerabilidad no especificada en las funciones (1) apreq_parse_headers y (2) apreq_parse_urlencoded en Apache2::Request (Libapreq2) en versiones anteriores a 2.07 permite a atacantes remotos provocar una denegación de servic... • http://secunia.com/advisories/18846 •