Lucene search

K
prionPRIOn knowledge basePRION:CVE-2022-28614
HistoryJun 09, 2022 - 5:15 p.m.

Design/Logic Flaw

2022-06-0917:15:00
PRIOn knowledge base
www.prio-n.com
15
ap_rwrite function
apache http server
memory reading
mod_luas r:puts function
int_max
current headers

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

71.7%

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the ‘ap_rputs’ function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.