Integer Overflow Vulnerability in Apache HTTP Server 2.4.52 and Earlier

CVE-2022-22721 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (the default is 1M) on 32-bit systems, an integer overflow occurs, which later causes out-of-bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
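A configuration check for the condition described above, as an added example that is not part of the original advisory or of the Apache project: it scans httpd configuration text for `LimitXMLRequestBody` values above the 350MB mark and reports them only for 32-bit builds at 2.4.52 or earlier. The function names and the sample configuration are constructed for illustration; reading "350MB" as 350,000,000 bytes and treating a value of `0` as "no limit" on affected releases are assumptions.

```python
import re

# Advisory threshold "350MB". Assumption: decimal megabytes, the lower
# (more cautious) reading, since the advisory does not say which it means.
THRESHOLD_BYTES = 350 * 1000 * 1000
LAST_AFFECTED = (2, 4, 52)  # "2.4.52 and earlier", from the advisory

# httpd directive names are case-insensitive; commented lines never match.
DIRECTIVE = re.compile(r"^\s*LimitXMLRequestBody\s+(\S+)", re.IGNORECASE)

def risky_limits(config_text):
    """Return [(line_no, value)] for LimitXMLRequestBody settings above the threshold.

    Works on one file's text (httpd.conf, a vhost file or .htaccess);
    it does not follow Include directives.
    """
    hits = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        try:
            value = int(match.group(1).strip("\"'"))
        except ValueError:
            continue  # non-numeric argument, not a usable limit
        # Assumption: on affected releases 0 disables the limit, so flag it too.
        if value == 0 or value > THRESHOLD_BYTES:
            hits.append((line_no, value))
    return hits

def exposed(version, pointer_bits, config_text):
    """Risky settings, but only when version and word size match the advisory."""
    parsed = tuple(int(part) for part in version.split("."))
    if parsed > LAST_AFFECTED or pointer_bits != 32:
        return []
    return risky_limits(config_text)

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = """\
# LimitXMLRequestBody 900000000
LimitXMLRequestBody 1000000
<Location "/dav">
    limitxmlrequestbody 524288000
</Location>
<Location "/upload">
    LimitXMLRequestBody 0
</Location>
"""

if __name__ == "__main__":
    for line_no, value in exposed("2.4.52", 32, SAMPLE_CONF):
        print(f"line {line_no}: LimitXMLRequestBody {value} is above the 350MB mark")
```

The version string can be read from `httpd -v`, and the word size from the platform the binary was built for.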