PT-2022-3376 · Apache+10 · Apache Http Server+10

Brian Moussalli · Published 2022-06-08 · Updated 2025-05-15 · CVE-2022-30522

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server version 2.4.53

Description

The mod_sed module in Apache HTTP Server may make excessively large memory allocations when it is configured to do transformations in contexts where its input may be very large, potentially leading to an abort. A remote attacker can exploit this to cause a denial of service (DoS). The vulnerability is associated with uncontrolled resource consumption.

Recommendations

For Apache HTTP Server version 2.4.53, consider disabling the mod_sed module as a temporary workaround until a patch is available, to prevent excessively large memory allocations and potential DoS attacks. Restrict access to contexts where the input to mod_sed may be very large to minimize the risk of exploitation.
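
To act on the recommendation, an administrator first needs to know whether mod_sed is loaded and in which sections its filter is attached. The following audit is an added example, not part of the original advisory. It relies on the standard httpd directive names (`LoadModule`, `AddInputFilter`, `SetInputFilter`, `AddOutputFilter`, `SetOutputFilter`, `AddOutputFilterByType`) and the filter name `Sed`; the sample configuration is constructed, and the function name `audit_mod_sed` is hypothetical.

```python
# Constructed sample configuration for illustration (not from the advisory).
SAMPLE_CONF = """\
LoadModule sed_module modules/mod_sed.so
# LoadModule deflate_module modules/mod_deflate.so
<Directory "/var/www/html">
    AddOutputFilter Sed html
    OutputSed "s/monday/MON/g"
</Directory>
<Location "/upload">
    SetInputFilter DEFLATE;Sed
    InputSed "s/foo/bar/g"
</Location>
<Location "/static">
    SetOutputFilter INCLUDES
</Location>
"""

# Directives whose first argument is a ';'-separated filter chain.
FILTER_DIRECTIVES = {"addinputfilter": "input", "setinputfilter": "input",
                     "addoutputfilter": "output", "setoutputfilter": "output",
                     "addoutputfilterbytype": "output"}

def audit_mod_sed(conf_text):
    """Return (module_loaded, [(line_no, enclosing_section, direction), ...])."""
    loaded, findings, stack = False, [], []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        if line.startswith("</"):              # closing container tag
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):               # opening container tag
            stack.append(line.strip("<>"))
            continue
        words = line.split()
        name = words[0].lower()                # directive names are case-insensitive
        if name == "loadmodule" and len(words) > 1 and words[1] == "sed_module":
            loaded = True
        elif name in FILTER_DIRECTIVES and len(words) > 1:
            filters = [f.lower() for f in words[1].split(";")]
            if "sed" in filters:               # Sed filter attached in this scope
                section = stack[-1] if stack else "server"
                findings.append((num, section, FILTER_DIRECTIVES[name]))
    return loaded, findings
```

The function reads a single configuration text and does not follow `Include` directives or backslash line continuations, so run it over every included file.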

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

ALSA-2022:7647
ALSA-2022:8067
ALT-PU-2022-2087
ALT-PU-2022-2093
ALT-PU-2022-2095
ALT-PU-2023-1260
BDU:2022-04145
BIT-APACHE-2022-30522
CESA-2022_7647
CVE-2022-30522
OESA-2022-1718
OPENSUSE-SU-2022_2302-1
OPENSUSE-SU-2022_2342-1
OPENSUSE-SU-2024:12142-1
RHSA-2022:6753
RHSA-2022:7647
RHSA-2022:8067
RHSA-2022:8840
RHSA-2022_7647
RHSA-2022_8067
RLSA-2022:7647
RLSA-2022:8067
SUSE-SU-2022:2099-1
SUSE-SU-2022:2101-1
SUSE-SU-2022:2302-1
SUSE-SU-2022:2338-1
SUSE-SU-2022:2342-1
USN-5487-1
USN-5487-2
USN-5487-3

Affected Products

ALT Linux
AlmaLinux
Apache HTTP Server
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu