Launchpad CVE tracker

CVE 2022-29404

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

Related bugs and status

CVE-2022-29404 (Candidate) is related to these bugs:

Bug #1985885: Debian: CVE-2022-28615 / CVE-2022-29404 / CVE-2022-30522 / CVE-2022-31813: apache2: A flaw was found in the mod_proxy module of httpd

Summary				In	Importance	Status
	1985885	Debian: CVE-2022-28615 / CVE-2022-29404 / CVE-2022-30522 / CVE-2022-31813: apache2: A flaw was found in the mod_proxy module of httpd		StarlingX	Medium	Fix Released

Bug #2012588: default apache limitrequestbody dropped

		In	Importance	Status
2012588	default apache limitrequestbody dropped	kolla-ansible	Medium	Fix Released
2012588	default apache limitrequestbody dropped	kolla-ansible yoga	Medium	Fix Released
2012588	default apache limitrequestbody dropped	kolla-ansible zed	Medium	Fix Released
2012588	default apache limitrequestbody dropped	kolla-ansible xena	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-29404

References