Broadcom Security Response | BSNSA22354
Aug 01, 2023 - 12:00 a.m.

The ap_rwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory

Source: support.broadcom.com
Keywords: apache http server, 2.4.53, unintended memory read, ap_rwrite(), mod_lua, large input, software vulnerability

EPSS: 0.003 (Low), percentile 71.7%

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the ap_rputs() function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
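
ap_rwrite() takes its length as an int, so a string of INT_MAX bytes or more cannot be described by a single call. The block below is an added example, not code from Apache HTTP Server or from this advisory: it shows a length check and a chunked write that a separately built module could apply before handing data to an int-length writer. The names `int_writer`, `recording_sink`, `fits_int` and `write_chunked` are hypothetical, and the sink is a constructed stand-in so the code runs without a server.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a writer whose length parameter is an int,
 * the shape of ap_rwrite(buf, nbyte, r). Returns bytes accepted or -1. */
typedef int (*int_writer)(const void *buf, int nbyte, void *ctx);

/* Constructed recording sink: counts calls instead of sending a response. */
struct sink_stats { int calls; int largest; size_t total; };

static int recording_sink(const void *buf, int nbyte, void *ctx)
{
    struct sink_stats *st = ctx;
    (void)buf;
    if (nbyte < 0) return -1;          /* never honour a negative length */
    st->calls++;
    if (nbyte > st->largest) st->largest = nbyte;
    st->total += (size_t)nbyte;
    return nbyte;
}

/* 1 if a size_t length can pass through an int parameter unchanged. */
static int fits_int(size_t len) { return len <= (size_t)INT_MAX; }

/* Feed len bytes to the writer in pieces of at most max_chunk bytes, so the
 * int parameter never receives a narrowed size_t. Real callers would pass
 * INT_MAX; max_chunk is a parameter so the logic can run on small input.
 * Returns 0 on success, -1 on writer error or a non-positive max_chunk. */
static int write_chunked(const char *s, size_t len, int max_chunk,
                         int_writer w, void *ctx)
{
    if (max_chunk <= 0) return -1;
    while (len > 0) {
        int n = len > (size_t)max_chunk ? max_chunk : (int)len;
        if (w(s, n, ctx) < 0) return -1;
        s += n;
        len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    struct sink_stats st = {0, 0, 0};
    int rc = write_chunked("0123456789", 10, 4, recording_sink, &st);
    printf("rc=%d calls=%d largest=%d total=%zu fits(INT_MAX+1)=%d\n", rc,
           st.calls, st.largest, st.total, fits_int((size_t)INT_MAX + 1));
    return rc;
}
```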