CVE-2022-22719

Public on 2022-03-14

Modified on 2023-01-18

Description

A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest treat of this vulnerability is availability.

Severity

Medium

See what this means

CVSS v3 Base Score

7.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	httpd	2022-04-25 22:57	ALAS2-2022-1783
Amazon Linux 2023	httpd	2023-02-17 20:46	ALAS2023-2023-072
Amazon Linux 1	httpd24	2022-04-26 17:12	ALAS-2022-1584

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv3	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2022-22719 Mitre: CVE-2022-22719 FAQs regarding Amazon Linux ALAS/CVE Severity