PT-2023-1354 · Apache · Apache Portable Runtime

Ronald Crane · Published 2023-01-31 · Updated 2025-12-10 · CVE-2022-28331

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Portable Runtime versions 1.7.0 and earlier

Description

The issue is a buffer overflow in the apr_socket_sendv() function of the Apache Portable Runtime (APR) library on Windows operating systems. It is caused by an integer overflow and allows a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Apache Portable Runtime versions 1.7.0 and earlier, consider updating to a version later than 1.7.0 to resolve the issue. As a temporary workaround, consider restricting the use of the apr_socket_sendv() function until a patch is available.

Fix

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-15436
BDU:2023-00668
BIT-APR-2022-28331
CVE-2022-28331

Affected Products

Apache Portable Runtime