A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service.
Package | www-apache/libapreq2 on all architectures |
---|---|
Affected versions | < 2.17 |
Unaffected versions | >= 2.17 |
libapreq is a shared library with associated modules for manipulating client request data via the Apache API.
A buffer overflow could occur when processing multipart form uploads.
An attacker could submit a crafted multipart form to trigger the buffer overflow and cause a denial of service.
There is no known workaround at this time.
All libapreq2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"
Release date
May 03, 2023
Latest revision
May 03, 2023: 1
Severity
low
Exploitable
remote
Bugzilla entries