Wind River Support Network

HomeDefectsLIN1021-3745
Fixed

LIN1021-3745 : Security Advisory - apache2 - CVE-2022-28615

Created: Jun 8, 2022    Updated: Oct 17, 2022
Resolved Date: Oct 17, 2022
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

https://nvd.nist.gov/vuln/detail/CVE-2022-28615

CVEs


Live chat
Online