CVE-2022-28615

Read beyond bounds in ap_strcmp_match()

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

Apache HTTP Server versiones 2.4.53 y anteriores, puede fallar o revelar información debido a una lectura más allá de los límites en la función ap_strcmp_match() cuando le es proporcionado un búfer de entrada extremadamente grande. Mientras que ningún código distribuido con el servidor puede ser coaccionado en tal llamada, los módulos de terceros o los scripts lua que usan ap_strcmp_match() pueden hipotéticamente ser afectados

An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read.

*Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-04 CVE Reserved
2022-06-08 CVE Published
2024-05-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read
CWE-190: Integer Overflow or Wraparound

CAPEC

References (8)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2022/06/08/9	Mailing List
https://security.netapp.com/advisory/ntap-20220624-0005	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://httpd.apache.org/security/vulnerabilities_24.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND	2023-11-07
https://security.gentoo.org/glsa/202208-20	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-28615	2022-12-08
https://bugzilla.redhat.com/show_bug.cgi?id=2095006	2022-12-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				<= 2.4.53 Search vendor "Apache" for product "Http Server" and version " <= 2.4.53"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected