cvedb.io
CVE-2022-22721
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-03-14T11:15:09.133 · Last modified 2026-06-17T04:28:52.040

Summary

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Affected products

apache — http_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.