5782 – [Anolis OS 8] Bugfix for CVE-2022-28615

Bug 5782 - [Anolis OS 8] Bugfix for CVE-2022-28615

Summary: [Anolis OS 8] Bugfix for CVE-2022-28615

Status:	NEW

Alias:	None

Product:	Anolis OS 8
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	8.6
Hardware:	All Linux

Importance:	P4-Low S4-trivial
Target Milestone:	---
Assignee:	Jacob
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-07-07 20:21 UTC by 小龙
Modified:	2023-07-07 20:21 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-07-07 20:21:42 UTC

Description:
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

Broken commit info:

Bugfix commit info:
https://github.com/apache/httpd/commit/6503d09ab51047554c384a6d03646ce1a8848120