CVE-2022-47185 Apache Traffic Server: Invalid Range header causes a crash

2023-08-0906:57:40

CWE-20

apache

www.cve.org

cve-2022-47185

apache traffic server

range header

crash

input validation

apache software foundation

AI Score

8.6

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "9.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]