A buffer overflow vulnerability has been discovered in libapreq2 which could result in denial of service.
|Package||www-apache/libapreq2 on all architectures|
|Affected versions||< 2.17|
|Unaffected versions||>= 2.17|
libapreq is a shared library with associated modules for manipulating client request data via the Apache API.
A buffer overflow could occur when processing multipart form uploads.
An attacker could submit a crafted multipart form to trigger the buffer overflow and cause a denial of service.
There is no known workaround at this time.
All libapreq2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apache/libapreq2-2.17"
May 03, 2023
May 03, 2023: 1