Description
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | =2:24.1.10-1 || =2:24.1.11-1 || =2:24.1.6-1 || =2:24.1.8-1 || =2:24.1.9-1 | - |
debian 14 | | =2:24.1.6-1 || >=0 <2:24.1.8-1 | 2:24.1.8-1 |
debian 11 | | =2:1.20.11-1 || =2:1.20.11-1+deb11u1 || =2:1.20.11-1+deb11u10 || =2:1.20.11-1+deb11u11 || =2:1.20.11-1+deb11u12 || =2:1.20.11-1+deb11u13 || =2:1.20.11-1+deb11u14 || =2:1.20.11-1+deb11u15 || =2:1.20.11-1+deb11u2 || =2:1.20.11-1+deb11u3 || =2:1.20.11-1+deb11u4 || =2:1.20.11-1+deb11u5 || =2:1.20.11-1+deb11u6 || =2:1.20.11-1+deb11u7 || =2:1.20.11-1+deb11u8 || =2:1.20.11-1+deb11u9 || >=0 <2:1.20.11-1+deb11u16 | 2:1.20.11-1+deb11u16 |
debian 12 | | =2:21.1.7-3 || =2:21.1.7-3+deb12u1 || =2:21.1.7-3+deb12u2 || =2:21.1.7-3+deb12u3 || =2:21.1.7-3+deb12u4 || =2:21.1.7-3+deb12u5 || =2:21.1.7-3+deb12u6 || =2:21.1.7-3+deb12u7 || =2:21.1.7-3+deb12u8 || =2:21.1.7-3+deb12u9 || >=0 <2:21.1.7-3+deb12u10 | 2:21.1.7-3+deb12u10 |
debian 13 | | | 2:21.1.16-1.3 |
debian 14 | | | 2:21.1.16-1.3 |
debian 12 | | =2:22.1.9-1 || =2:23.1.0-1 || =2:23.1.1-1 || =2:23.2.0-1 || =2:23.2.1-1 || =2:23.2.2-1 || =2:23.2.3-1 || =2:23.2.4-1 || =2:23.2.6-1 || =2:24.0.99.901-1 || =2:24.1.0-1 || =2:24.1.10-1 || =2:24.1.11-1 || =2:24.1.2-1 || =2:24.1.3-1 || =2:24.1.4-1 || =2:24.1.4-2 || =2:24.1.4-3 || =2:24.1.5-1 || =2:24.1.6-1 || =2:24.1.8-1 || =2:24.1.9-1 | - |
 rpm rhel8.8 | | | 0:21.1.3-11.el8_8 |
rpm rhel8 | | | 0:21.1.3-18.el8_10 |
rpm rhel10 | | | 0:24.1.5-4.el10_0 |
