CVE-2022-22728 – libapreq2 multipart form parse memory corruption
https://notcve.org/view.php?id=CVE-2022-22728
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. Un fallo en Apache libapreq2 versiones 2.16 y anteriores, podría causar un desbordamiento de búfer mientras son procesadas cargas de formularios multiparte. Un atacante remoto podría enviar una solicitud que causara un bloqueo del proceso, lo que podría conllevar a un ataque de denegación de servicio. • http://www.openwall.com/lists/oss-security/2022/08/25/3 http://www.openwall.com/lists/oss-security/2022/08/25/4 http://www.openwall.com/lists/oss-security/2022/08/26/4 http://www.openwall.com/lists/oss-security/2022/12/29/1 http://www.openwall.com/lists/oss-security/2022/12/30/4 http://www.openwall.com/lists/oss-security/2022/12/31/1 http://www.openwall.com/lists/oss-security/2022/12/31/5 http://www.openwall.com/lists/oss-security/2023 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2006-0042
https://notcve.org/view.php?id=CVE-2006-0042
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. Vulnerabilidad no especificada en las funciones (1) apreq_parse_headers y (2) apreq_parse_urlencoded en Apache2::Request (Libapreq2) en versiones anteriores a 2.07 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de vectores de ataque desconocidos que resultan en complejidad computacional cuadrática. • http://secunia.com/advisories/18846 http://secunia.com/advisories/19139 http://secunia.com/advisories/19658 http://securityreason.com/securityalert/737 http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup http://www.debian.org/security/2006/dsa-1000 http://www.gentoo.org/security/en/glsa/glsa-200604-08.xml http://www.securityfocus.com/bid/16710 http://www.vupen.com/english/advisories/2006/0645 https://exchange.xforce.ibmcloud.com/vulnera •