CVE-2022-28331

CVSS V2 None CVSS V3 None
Description
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Overview
  • CVE ID
  • CVE-2022-28331
  • Assigner
  • security@apache.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-31T16:15:08
  • Last Modified Date
  • 2023-02-08T18:48:12
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:* 1 OR 1.7.0
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r Mailing List Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:00:01 Added to TrackCVE
2023-04-17 07:00:05 Weakness Enumeration new