oss-sec mailing list archives

Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption

From: John Helmert III <ajak () gentoo org>
Date: Fri, 26 Aug 2022 11:01:23 -0500

On Thu, Aug 25, 2022 at 02:09:16PM +0000, Joe Orton wrote:

Severity: important

Description:

A flaw in libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads.  
A remote attacker could send a request causing a process crash which could lead to a denial of service attack.


Is there a fixed version or patch or upstream issue?

Attachment: signature.asc
Description:

Current thread:

CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Joe Orton (Aug 25)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption Alex Gaynor (Aug 25)
- Re: CVE-2022-22728: libapreq2: libapreq2 multipart form parse memory corruption John Helmert III (Aug 26)