perl-modperl mailing list archives

From Joe Orton
Subject CVE-2019-12412: libapreq2 null pointer dereference
Date Tue, 17 Nov 2020 17:05:19 GMT
CVE-2019-12412: libapreq2 null pointer dereference

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
libapreq2 2.07 to 2.13

In libapreq2 versions 2.07 through 2.13 inclusive, a flaw in the
multipart parser can dereference a null pointer leading to a process
crash.  A remote attacker could send a request causing a process crash
which could lead to a denial of service attack.

disable the libapreq2 multipart parser

Thanks to Max Kellerman and Salvatore Bonaccorso for finding and
reporting this issue.

