Cyber Resilience

CVE-2022-28615

Critical

Published: 09 June 2022

Modified: 18 December 2025
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0096 (76.9th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28615 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Apache HTTP Server; the affected assets listed for it also include Fedoraproject Fedora and NetApp Clustered Data ONTAP. Its CVSS base score is 9.1 (Critical).

Operationally, it is ranked in the top 23.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use ap_strcmp_match() may hypothetically be affected.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
apache | http server | ≤ 2.4.54
fedoraproject | fedora | 35, 36
netapp | clustered data ontap | all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
