Description
Cytrix has detected that the version of Apache HTTP Server in use is affected by the use of an uninitialized value in ‘r:parsebody’ in ‘mod_lua’.
CVE-2022-22719 is categorized as an ‘Improper Initialization’ vulnerability (CWE-665).
Improper Initialization occurs when the software does not initialize, or incorrectly initializes, a resource.
This might leave the resource in an unexpected state when it is accessed or used.
A carefully crafted request body can cause a ‘read’ to a random memory area, which could cause the entire process to crash.
This could lead to a decrease in performance and interruptions in the availability of resources.
Recommendation
To fix CVE-2022-22719, upgrade the version of Apache HTTP Server being used to 2.4.53.
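One way to check a host against this recommendation, as an added example that is not part of the original advisory or Cytrix's tooling: it parses `httpd -v` and `httpd -M` output to report whether the version is below 2.4.53 and whether mod_lua is loaded. The function names, status labels and sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not vendor code: decide whether a host still needs the
# upgrade to 2.4.53 and whether mod_lua (the affected module) is loaded.
FIXED_VERSION="2.4.53"   # fixed release named in the recommendation

# Pull "2.4.52" out of `httpd -v` output ("Server version: Apache/2.4.52 (Unix)").
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2 (numeric per field).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # now $1 $2 $3 = first version, $4 $5 $6 = second
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ] && return 0
    return 1
}

# Return 0 when `httpd -M` output lists lua_module.
lua_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*lua_module[[:space:]]'
}

# $1 = `httpd -v` output, $2 = `httpd -M` output. Prints one status line.
# The status labels are hypothetical names chosen for this example.
assess() {
    ver=$(parse_httpd_version "$1")
    if [ -z "$ver" ]; then echo "UNKNOWN"
    elif ! version_lt "$ver" "$FIXED_VERSION"; then echo "PATCHED $ver"
    elif lua_loaded "$2"; then echo "VULNERABLE $ver mod_lua-loaded"
    else echo "OUTDATED $ver mod_lua-not-loaded"
    fi
}

# Constructed sample output (not captured from a real host).
SAMPLE_V='Server version: Apache/2.4.52 (Unix)
Server built:   Dec 20 2021 10:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 lua_module (shared)'
assess "$SAMPLE_V" "$SAMPLE_M"
# On a real host: assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
# (the binary is named apache2 or apachectl on some distributions)
```

Distribution packages can backport the fix without changing the reported version, so confirm an OUTDATED or VULNERABLE result against the vendor's package advisory.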
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719