Описание
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.
Ссылки
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.99.4 (включая) до 4.99.19 (включая)
cpe:2.3:a:naviserver_project:naviserver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00578
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.
EPSS
Процентиль: 68%
0.00578
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20