3 matches found
httpd: mod_lua: Use of uninitialized value of in r:parsebody
A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...
PT-2022-3378
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.53 and earlier Description The issue is related to the mod lua module in Apache HTTP Server, where a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limi...
PT-2022-3349
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.53 and earlier Description The issue is related to the r:wsread function in the mod lua module of the Apache HTTP Server, which may return lengths that point past the end of the allocated buffer storage. This ca...