CVE-2019-13114

Опубликовано: 30 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
Broken Link
https://github.com/Exiv2/exiv2/issues/793
Exploit
Patch
Third Party Advisory
https://github.com/Exiv2/exiv2/pull/815
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
https://support.f5.com/csp/article/K45429077?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4056-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
Broken Link
https://github.com/Exiv2/exiv2/issues/793
Exploit
Patch
Third Party Advisory
https://github.com/Exiv2/exiv2/pull/815
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGBT5OD2TF4AIXJUC56WOUJRHAZLZ4DC/
https://support.f5.com/csp/article/K45429077?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4056-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:exiv2:exiv2:*:*:*:*:*:*:*:*

Версия до 0.27.1 (включая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.0036

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2019-13114

CVSS3: 6.5

ubuntu

около 6 лет назад

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

CVE-2019-13114

CVSS3: 5.5

redhat

около 6 лет назад

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

CVE-2019-13114

CVSS3: 6.5

debian

около 6 лет назад

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...

GHSA-7jp6-64vf-6wq3

CVSS3: 6.5

github

около 3 лет назад

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

BDU:2020-02400

CVSS3: 6.5

fstec

около 6 лет назад

Уязвимость компонента http.c библиотеки для управления метаданными медиафайлов Exiv2, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 57%

0.0036

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-476