{"api_version":"1","generated_at":"2026-04-22T23:31:03+00:00","cve":"CVE-2022-22721","urls":{"html":"https://cve.report/CVE-2022-22721","api":"https://cve.report/api/cve/CVE-2022-22721.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-22721","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-22721"},"summary":{"title":"CVE-2022-22721","description":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2022-03-14 11:15:00","updated_at":"2023-11-07 03:43:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202208-20","name":"GLSA-202208-20","refsource":"GENTOO","tags":[],"title":"Apache HTTPD: Multiple Vulnerabilities (GLSA 202208-20) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","name":"FEDORA-2022-78e3211c55","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213256","name":"https://support.apple.com/kb/HT213256","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Big Sur 11.6.6 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2022/May/38","name":"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213257","name":"https://support.apple.com/kb/HT213257","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Monterey 12.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html","name":"[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2960-1] apache2 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","name":"FEDORA-2022-21264ec6db","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213255","name":"https://support.apple.com/kb/HT213255","refsource":"CONFIRM","tags":[],"title":"About the security content of Security Update 2022-004 Catalina - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","name":"FEDORA-2022-b4103753e9","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20220321-0001/","name":"https://security.netapp.com/advisory/ntap-20220321-0001/","refsource":"CONFIRM","tags":[],"title":"March 2022 Apache HTTP Server Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://httpd.apache.org/security/vulnerabilities_24.html","name":"https://httpd.apache.org/security/vulnerabilities_24.html","refsource":"MISC","tags":[],"title":"Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/","name":"FEDORA-2022-78e3211c55","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2022/May/35","name":"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/","name":"FEDORA-2022-21264ec6db","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2022/May/33","name":"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/","name":"FEDORA-2022-b4103753e9","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/03/14/2","name":"[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow\n with very large or unlimited LimitXMLRequestBody","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-22721","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22721","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Anonymous working with Trend Micro Zero Day Initiative","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"2.4.52","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"http_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2020-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-002","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-003","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-004","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-005","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-006","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-007","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2021-008","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2022-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2022-002","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"10.15.7","cpe7":"security_update_2022-003","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2020-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-002","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-003","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-004","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-005","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-006","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-007","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2021-008","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2022-001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2022-002","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"10.15.7","cpe7":"security_update_2022-003","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"enterprise_manager_ops_center","cpe6":"12.4.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"http_server","cpe6":"12.2.1.4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"22721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"zfs_storage_appliance_kit","cpe6":"8.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-22721","qid":"150515","title":"Apache HTTP Server 2.4.53 Multiple Vulnerabilities"},{"cve":"CVE-2022-22721","qid":"160250","title":"Oracle Enterprise Linux Security Update for httpd:2.4 (ELSA-2022-7647)"},{"cve":"CVE-2022-22721","qid":"160309","title":"Oracle Enterprise Linux Security Update for httpd (ELSA-2022-8067)"},{"cve":"CVE-2022-22721","qid":"179151","title":"Debian Security Update for apache2 (DLA 2960-1)"},{"cve":"CVE-2022-22721","qid":"179200","title":"Debian Security Update for apache2 (CVE-2022-22721)"},{"cve":"CVE-2022-22721","qid":"198705","title":"Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5333-1)"},{"cve":"CVE-2022-22721","qid":"240698","title":"Red Hat Update for httpd24-httpd (RHSA-2022:6753)"},{"cve":"CVE-2022-22721","qid":"240854","title":"Red Hat Update for httpd:2.4 (RHSA-2022:7647)"},{"cve":"CVE-2022-22721","qid":"240885","title":"Red Hat Update for httpd security (RHSA-2022:8067)"},{"cve":"CVE-2022-22721","qid":"240996","title":"Red Hat Update for JBoss Core Services (RHSA-2022:8840)"},{"cve":"CVE-2022-22721","qid":"282500","title":"Fedora Security Update for httpd (FEDORA-2022-b4103753e9)"},{"cve":"CVE-2022-22721","qid":"282521","title":"Fedora Security Update for httpd (FEDORA-2022-21264ec6db)"},{"cve":"CVE-2022-22721","qid":"296057","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 44.113.4 Missing (bulletinapr2022)"},{"cve":"CVE-2022-22721","qid":"353269","title":"Amazon Linux Security Advisory for httpd : ALAS2-2022-1783"},{"cve":"CVE-2022-22721","qid":"353274","title":"Amazon Linux Security Advisory for httpd24 : ALAS-2022-1584"},{"cve":"CVE-2022-22721","qid":"354481","title":"Amazon Linux Security Advisory for httpd : ALAS2022-2022-053"},{"cve":"CVE-2022-22721","qid":"354482","title":"Amazon Linux Security Advisory for httpd : ALAS2022-2022-202"},{"cve":"CVE-2022-22721","qid":"354577","title":"Amazon Linux Security Advisory for httpd : ALAS2022-2022-202"},{"cve":"CVE-2022-22721","qid":"355264","title":"Amazon Linux Security Advisory for httpd : ALAS2023-2023-072"},{"cve":"CVE-2022-22721","qid":"376607","title":"Apple macOS Security Update 2022-004 Catalina (HT213255)"},{"cve":"CVE-2022-22721","qid":"376608","title":"Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)"},{"cve":"CVE-2022-22721","qid":"376612","title":"Apple macOS Monterey 12.4 Not Installed (HT213257)"},{"cve":"CVE-2022-22721","qid":"376865","title":"IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6565413)"},{"cve":"CVE-2022-22721","qid":"377911","title":"Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2023)"},{"cve":"CVE-2022-22721","qid":"378363","title":"IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6565413)"},{"cve":"CVE-2022-22721","qid":"500026","title":"Alpine Linux Security Update for apache2"},{"cve":"CVE-2022-22721","qid":"503717","title":"Alpine Linux Security Update for apache2"},{"cve":"CVE-2022-22721","qid":"671578","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1569)"},{"cve":"CVE-2022-22721","qid":"671659","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1730)"},{"cve":"CVE-2022-22721","qid":"671739","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1790)"},{"cve":"CVE-2022-22721","qid":"671758","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1807)"},{"cve":"CVE-2022-22721","qid":"671800","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1843)"},{"cve":"CVE-2022-22721","qid":"671812","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1867)"},{"cve":"CVE-2022-22721","qid":"671851","title":"EulerOS Security Update for httpd (EulerOS-SA-2022-1893)"},{"cve":"CVE-2022-22721","qid":"690812","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for apache httpd (6601c08d-a46c-11ec-8be6-d4c9ef517024)"},{"cve":"CVE-2022-22721","qid":"710595","title":"Gentoo Linux Apache HTTPD Multiple Vulnerabilities (GLSA 202208-20)"},{"cve":"CVE-2022-22721","qid":"730403","title":"Apache Hypertext Transfer Protocol (HTTP) Server Out-of-bounds Write Vulnerability"},{"cve":"CVE-2022-22721","qid":"751909","title":"SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:0928-1)"},{"cve":"CVE-2022-22721","qid":"751912","title":"SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:0918-1)"},{"cve":"CVE-2022-22721","qid":"751918","title":"SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:0929-1)"},{"cve":"CVE-2022-22721","qid":"751936","title":"SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:1031-1)"},{"cve":"CVE-2022-22721","qid":"751942","title":"OpenSUSE Security Update for apache2 (openSUSE-SU-2022:1031-1)"},{"cve":"CVE-2022-22721","qid":"753400","title":"SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:14924-1)"},{"cve":"CVE-2022-22721","qid":"900756","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (9007)"},{"cve":"CVE-2022-22721","qid":"901606","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (9017-1)"},{"cve":"CVE-2022-22721","qid":"940741","title":"AlmaLinux Security Update for httpd:2.4 (ALSA-2022:7647)"},{"cve":"CVE-2022-22721","qid":"940823","title":"AlmaLinux Security Update for httpd (ALSA-2022:8067)"},{"cve":"CVE-2022-22721","qid":"960175","title":"Rocky Linux Security Update for httpd:2.4 (RLSA-2022:7647)"},{"cve":"CVE-2022-22721","qid":"960481","title":"Rocky Linux Security Update for httpd (RLSA-2022:8067)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2022-22721","STATE":"PUBLIC","TITLE":"core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache HTTP Server","version":{"version_data":[{"version_affected":"<=","version_name":"Apache HTTP Server 2.4","version_value":"2.4.52"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"credit":[{"lang":"eng","value":"Anonymous working with Trend Micro Zero Day Initiative"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{"other":"low"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190 Integer Overflow or Wraparound"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://httpd.apache.org/security/vulnerabilities_24.html","name":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"refsource":"MLIST","name":"[oss-security] 20220314 CVE-2022-22721: Apache HTTP Server: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody","url":"http://www.openwall.com/lists/oss-security/2022/03/14/2"},{"refsource":"FEDORA","name":"FEDORA-2022-b4103753e9","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220322 [SECURITY] [DLA 2960-1] apache2 security update","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"},{"refsource":"FEDORA","name":"FEDORA-2022-21264ec6db","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"},{"refsource":"FEDORA","name":"FEDORA-2022-78e3211c55","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20220321-0001/","url":"https://security.netapp.com/advisory/ntap-20220321-0001/"},{"refsource":"FULLDISC","name":"20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina","url":"http://seclists.org/fulldisclosure/2022/May/33"},{"refsource":"FULLDISC","name":"20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6","url":"http://seclists.org/fulldisclosure/2022/May/35"},{"refsource":"FULLDISC","name":"20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4","url":"http://seclists.org/fulldisclosure/2022/May/38"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213257","url":"https://support.apple.com/kb/HT213257"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213256","url":"https://support.apple.com/kb/HT213256"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213255","url":"https://support.apple.com/kb/HT213255"},{"refsource":"GENTOO","name":"GLSA-202208-20","url":"https://security.gentoo.org/glsa/202208-20"}]},"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"eng","time":"2021-12-16","value":"Reported to security team"}]},"nvd":{"publishedDate":"2022-03-14 11:15:00","lastModifiedDate":"2023-11-07 03:43:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4.52","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionStartIncluding":"10.15","versionEndExcluding":"10.15.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.6.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"22721","Ordinal":"225140","Title":"CVE-2022-22721","CVE":"CVE-2022-22721","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"22721","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}