oss-sec mailing list archives
CVE-2019-12412: libapreq2 null pointer dereference
From: Joe Orton <jorton () apache org>
Date: Tue, 17 Nov 2020 17:06:55 +0000
CVE-2019-12412: libapreq2 null pointer dereference

Severity: important

Vendor: The Apache Software Foundation

Versions Affected: libapreq2 2.07 to 2.13

Description: In libapreq2 versions 2.07 through 2.13 inclusive, a flaw in the multipart parser can dereference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Mitigation: disable the libapreq2 multipart parser

Credit: Thanks to Max Kellerman and Salvatore Bonaccorso for finding and reporting this issue.

References: https://bugs.debian.org/939937