Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions — CVE-2022-24963

Zusammenfassung

Sicherheitshinweis CVE-2022-24963. Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Hersteller: Microsoft. Quelle: MSRC. Risiko: critical. CVSS 9.8. Details in der offiziellen Quelle.

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. CVE-2022-4338
• An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. CVE-2022-4337
• Apache HTTP Server: mod_proxy_ajp Possible request smuggling CVE-2022-36760
• Integer overflow in `git archive` `git log --format` leading to RCE in git CVE-2022-41903
• A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target syst CVE-2022-3515
• Mariner CVE-2022-47629
• .NET Denial of Service Vulnerability CVE-2023-21538
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21781
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21782
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21784
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21786
• 3D Builder Remote Code Execution Vulnerability CVE-2023-21791