CVE-2022-30522

Name: CVE-2022-30522
Creator: NVD / NIST
Published: 2022-06-09T17:15:09.813+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 90.41%

Last modified Jun 17, 2026

CVE-2022-30522 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.. EPSS estimates a 90.41% chance of exploitation in the next 30 days.

Description

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

90.41%

99.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Apache	Http Server	2.4.53
Netapp	Clustered Data Ontap	All versions
Fedoraproject	Fedora	35
Fedoraproject	Fedora	36

References

http://www.openwall.com/lists/oss-security/2022/06/08/6Mailing List, Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
https://security.gentoo.org/glsa/202208-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20220624-0005/Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/06/08/6Mailing List, Third Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/
https://security.gentoo.org/glsa/202208-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20220624-0005/Third Party Advisory

Timeline

Published: Jun 9, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-30522?

How severe is CVE-2022-30522?

CVE-2022-30522 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 90.41% probability of exploitation in the next 30 days.

How do I fix CVE-2022-30522?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-30522?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST