CVE-2022-20464 In ap_input_processor.c there is a possible way to record audio during a phone call due to a logic error. This could lead to local information disclosure with User execution privileges needed.

CVE-2022-20464 In ap_input_processor.c there is a possible way to record audio during a phone call due to a logic error. This could lead to local information disclosure with User execution privileges needed.

The issue exists in ap_input_processor.c function parse_record() which reads a variable named ‘command’ which is used to detect is the request is a recording or not. However, the code reads ‘command’ as a string with length of 20 bytes instead of a string with length of 2 bytes. This results in a logic error. This logic error is present in the ap_input_processor.c function parse_record()



This issue can be exploited by an attacker to record local information of an audio file. An attacker would just have to send an audio file to victim. User interaction is not needed for exploitation.

Security Risk:

The security risk of this issue is that it can be exploited by an attacker to record local information of an audio file. An attacker would just have to send an audio file to victim.

Vulnerability Scenario :


An attacker can exploit this vulnerability by sending the audio file to victim. The attack is not successful if the victim doesn't have ap_input_processor.c function parse_record() in their system. The vulnerability has been fixed in Apache HTTP Server 2.4.25 and later versions.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe