httpd: mod_lua: Use of uninitialized value of in r:parsebody

A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...

PT-2022-3378 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier Description: The issue is related to the mod lua module in Apache HTTP Server, where a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default...

PT-2022-3349 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.53 and earlier Description: The issue is related to the r:wsread function in the mod lua module of the Apache HTTP Server, which may return lengths that point past the end of the allocated buffer storage. This...