How severe is CVE-2022-28614?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-28614?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2022-28614

MEDIUM Year: 2022

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-190

View all →

Vulnerability Description

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

CVE-2017-17288

MEDIUM

CVSS:5.3(Medium)

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R...

CWE-1902017

CVE-2018-10751

MEDIUM

CVSS:5.3(Medium)

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memo...

CWE-1902018

CVE-2018-16881

MEDIUM

CVSS:5.3(Medium)

A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions befor...

CWE-1902018

CVE-2019-11048

MEDIUM

CVSS:5.3(Medium)

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocat...

CWE-1902019

CVE-2019-1551

MEDIUM

CVSS:5.3(Medium)

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, ...

CWE-1902019

CVE-2020-12826

MEDIUM

CVSS:5.3(Medium)

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a ...

CWE-1902020

CVE-2022-28614

Vulnerability Description

Related Vulnerabilities

CVE-2017-17288

CVE-2018-10751

CVE-2018-16881

CVE-2019-11048

CVE-2019-1551

CVE-2020-12826