perl-modperl mailing list archives

From Joe Orton <jor...@apache.org>
Subject CVE-2019-12412: libapreq2 null pointer dereference
Date Tue, 17 Nov 2020 17:05:19 GMT
CVE-2019-12412: libapreq2 null pointer dereference

Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
libapreq2 2.07 to 2.13

Description:
In libapreq2 versions 2.07 through 2.13 inclusive, a flaw in the
multipart parser can dereference a null pointer, leading to a process
crash.  A remote attacker could send a request causing a process crash
which could lead to a denial of service attack.

Mitigation:
disable the libapreq2 multipart parser

Credit:
Thanks to Max Kellerman and Salvatore Bonaccorso for finding and
reporting this issue.

References:
https://bugs.debian.org/939937

