CVE-2022-22721: 
Apache HTTP Server vulnerability analysis and mitigation

CVE-2022-22721 affects Apache HTTP Server versions 2.4.52 and earlier. The vulnerability was discovered in March 2022 and involves an integer overflow vulnerability that occurs when LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32-bit systems, which later causes out-of-bounds writes (Apache Advisory).

The vulnerability is an integer overflow issue in the core Apache HTTP Server that occurs specifically on 32-bit systems when processing XML request bodies. The vulnerability has been assigned a CVSS v3.1 base score of 9.1 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (NVD).

A successful exploitation of this vulnerability could lead to out-of-bounds writes in memory, potentially allowing attackers to execute arbitrary code or cause denial of service conditions. The vulnerability affects the integrity and availability of the system but not confidentiality (NVD).

The vulnerability was fixed in Apache HTTP Server version 2.4.53. Users are strongly recommended to upgrade to this version or later. Organizations using affected versions should ensure LimitXMLRequestBody is set to a value less than 350MB as a temporary mitigation (Apache Advisory).

Multiple vendors and organizations responded to this vulnerability by releasing security advisories and patches, including Apple, Oracle, NetApp, and various Linux distributions. The vulnerability was considered significant enough to warrant inclusion in multiple vendor security updates (Oracle Alert, NetApp Advisory).