Remote Memory Leak in Boa Web Server by GPG
CVE-2018-21028

7.5HIGH

Key Information:

Vendor: Boa
Status: Boa
Vendor: CVE Published:; 11 October 2019

What is CVE-2018-21028?

The Boa Web Server, up to version 0.94.14rc21, contains a vulnerability that allows remote attackers to exploit a missing call to the free function, resulting in a memory leak. This flaw could potentially allow unauthorized access to system resources, leading to performance degradation or denial of service. It is crucial for users of the affected versions to apply appropriate mitigations to protect against possible exploitation.

References

https://github.com/gpg/boa/pull/1

x_refsource_CONFIRM

https://github.com/gpg/boa/pull/1/commits/e139b87835994d0...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2019
Vulnerability Reserved
Oct 11, 2019