CVE-2022-30556

Published: Jun 9, 2022Modified: May 1, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

Affected (4)

Products: Apache: Http Server · Netapp: Clustered Data Ontap · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Before 2.4.54

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://www.openwall.com/lists/oss-security/2022/06/08/7

Source: security@apache.org

Mailing ListThird Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/

Source: security@apache.org

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/

Source: security@apache.org

Third Party Advisory

https://security.gentoo.org/glsa/202208-20

Source: security@apache.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220624-0005/

Source: security@apache.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/06/08/7