CVE-2022-26376

A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.38648706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

Memory corruption

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-28665

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-arm has a vulnerable URL-decoding feature that c...

CVE-2022-28664

A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The freshtomato-mips has a vulnerable URL-decoding feature that...

CVE-2022-28664

CVE-2022-28664 affects FreshTomato 2022.1. The vulnerability stems from the httpd unescape functionality: the code assumes two hex digits follow a ‘%’ and lacks bounds checks, so a request containing an incomplete escape could lead to memory corruption (e.g., via access beyond the end of the stri...

CVE-2022-27631

The CVE-2022-27631 entry describes a memory corruption vulnerability in DD-WRT’s httpd unescape function affecting revisions 32270–48599. The issue stems from assuming two characters follow a '%' and performing an unsafe strcpy without validating the second character, which can read beyond the st...

CVE-2022-27631

A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability...

CVE-2022-26376

CVE-2022-26376 affects Asuswrt and Asuswrt-Merlin New Gen. The vulnerability is a memory corruption in the httpd unescape function triggered by a crafted HTTP request; it arises due to missing bounds checking after a '%' character, potentially causing memory corruption or crashes via network inpu...

httpd security update

2.4.6-97.0.7.5 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381850...

httpd security update

2.4.51-7.0.2 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34381949...

httpd security update

2.2.15-69.0.4 - modproxy: approxyhttprequest to clear hop-by-hop first and fixup last CVE-2022-31813Orabug: 34317859 2.2.15-69.0.3 - core: Simpler connection close logic CVE-2022-22720Orabug: 33991577...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2199)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2180)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2199)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...

DD-WRT httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions DD-WRT Revision 322...

FreshTomato httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...

The vulnerability of the httpd daemon in the microprogramming software of TP-Link’s TL-WR841N routers allows a hacker to execute arbitrary code.

The vulnerability of the httpd daemon in the microprogramming-based router software from TP-Link’s TL-WR841N is related to reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 firmware version 3.16.9 devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841NEUV12160624 and TL-WR841 V11...