CVE-2022-30522

一、漏洞信息
漏洞编号：CVE-2022-30522
漏洞归属组件：hetu-core
漏洞归属的版本：0.193
CVSS V3.0分值：
BaseScore：7.5 High
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
漏洞公开时间：2022-06-10 01:15
漏洞创建时间：2022-06-16 11:08:57
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2022-30522

更多参考(点击展开)

参考来源	参考链接	来源链接
MISC	https://httpd.apache.org/security/vulnerabilities_24.html
MLIST	http://www.openwall.com/lists/oss-security/2022/06/08/6
CONFIRM	https://security.netapp.com/advisory/ntap-20220624-0005/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
nvd	https://access.redhat.com/security/cve/CVE-2022-30522
suse_bugzilla	https://httpd.apache.org/security/vulnerabilities_24.html
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30522
redhat_bugzilla	https://httpd.apache.org/security/vulnerabilities_24.html
redhat_bugzilla	httpd tracking bugs for this issue:
ubuntu	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
ubuntu	https://www.openwall.com/lists/oss-security/2022/06/08/6
ubuntu	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522
ubuntu	https://ubuntu.com/security/notices/USN-5487-1
ubuntu	https://ubuntu.com/security/notices/USN-5487-2
ubuntu	https://ubuntu.com/security/notices/USN-5487-3
ubuntu	https://nvd.nist.gov/vuln/detail/CVE-2022-30522
ubuntu	https://launchpad.net/bugs/cve/CVE-2022-30522
ubuntu	https://security-tracker.debian.org/tracker/CVE-2022-30522
debian	https://security-tracker.debian.org/tracker/CVE-2022-30522
httpd	https://httpd.apache.org/security/vulnerabilities_24.html

漏洞分析指导链接：
https://gitee.com/openlookeng/community/blob/master/security/cve/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

详情(点击展开)

无

二、漏洞分析结构反馈
影响性分析说明：

openLooKeng评分：
7.5
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.1.6.1:
2.master:
3.openEuler-22.03-LTS-SP1:

@tushengxia
issue处理注意事项:
1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;
2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;
3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openLooKeng评分, 受影响版本排查(受影响/不受影响))不能省略,省略后cve-manager将无法正常解析填写内容.

影响性分析说明:

openLooKeng评分: (评分和向量)

受影响版本排查(受影响/不受影响):
1.1.6.1:
2.master:

issue处理具体操作请参考:
https://gitee.com/openlookeng/community/blob/master/security/cve/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

@i-robot , Please select a milestone for the issue. Then, you can use the /check-milestone command to remove the needs-milestone label.

openLooKeng / hetu-core

内容风险标识

评论 (2)

openLooKeng / hetu-core .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-30522

评论 (2)

搜索帮助

openLooKeng / hetu-core