CVE-2017-1000471

Опубликовано: 03 янв. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.

Ссылки

https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7
Patch
Third Party Advisory
https://github.com/embedthis/goahead/pull/258
Issue Tracking
Third Party Advisory
https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7
Patch
Third Party Advisory
https://github.com/embedthis/goahead/pull/258
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00277

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-6ffc-5vcx-vfp5