A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | apache2 | <Â 2.4.49-1 | apache2_2.4.49-1_all.deb |
Debian | 11 | all | apache2 | <Â 2.4.51-1~deb11u1 | apache2_2.4.51-1~deb11u1_all.deb |
Debian | 10 | all | apache2 | <Â 2.4.38-3+deb10u6 | apache2_2.4.38-3+deb10u6_all.deb |
Debian | 999 | all | apache2 | <Â 2.4.49-1 | apache2_2.4.49-1_all.deb |
Debian | 13 | all | apache2 | <Â 2.4.49-1 | apache2_2.4.49-1_all.deb |
Debian | 12 | all | uwsgi | <=Â 2.0.21-5.1 | uwsgi_2.0.21-5.1_all.deb |
Debian | 11 | all | uwsgi | <=Â 2.0.19.1-7.1 | uwsgi_2.0.19.1-7.1_all.deb |
Debian | 10 | all | uwsgi | <=Â 2.0.18-1 | uwsgi_2.0.18-1_all.deb |
Debian | 999 | all | uwsgi | <=Â 2.0.25.1-1 | uwsgi_2.0.25.1-1_all.deb |
Debian | 13 | all | uwsgi | <=Â 2.0.25.1-1 | uwsgi_2.0.25.1-1_all.deb |