Vulnerability Details : CVE-2022-23943
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2022-23943
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Threat overview for CVE-2022-23943
Top countries where our scanners detected CVE-2022-23943
Top open port discovered on systems with this issue
80
IPs affected by CVE-2022-23943 10,029,576
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2022-23943!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2022-23943
17.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23943
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2022-23943
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: security@apache.org (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Primary)
- security@apache.org (Secondary)
References for CVE-2022-23943
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/
[SECURITY] Fedora 34 Update: httpd-2.4.53-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2022.html
Oracle Critical Patch Update Advisory - April 2022Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html
[SECURITY] [DLA 2960-1] apache2 security updateMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/
[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://httpd.apache.org/security/vulnerabilities_24.html
httpd 2.4 vulnerabilities - The Apache HTTP Server ProjectVendor Advisory
-
https://security.netapp.com/advisory/ntap-20220321-0001/
March 2022 Apache HTTP Server Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://security.gentoo.org/glsa/202208-20
Apache HTTPD: Multiple Vulnerabilities (GLSA 202208-20) — Gentoo securityThird Party Advisory
-
https://www.tenable.com/security/tns-2022-09
[R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://www.tenable.com/security/tns-2022-08
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.20.1: Patch 202204.1 - Security Advisory | Tenable®Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/
[SECURITY] Fedora 36 Update: httpd-2.4.53-1.fc36 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2022/03/14/1
oss-security - CVE-2022-23943: Apache HTTP Server: mod_sed: Read/write beyond boundsMailing List;Third Party Advisory
Jump to