Denial of Service Vulnerability in libapreq2 by Apache Software Foundation
CVE-2019-12412

7.5HIGH

Key Information:

Vendor: Apache
Status: Libapreq2
Vendor: CVE Published:; 19 November 2020

Summary

A vulnerability exists in versions 2.07 to 2.13 of the libapreq2 multipart parser where a null pointer dereference can lead to a process crash. This flaw allows a remote attacker to exploit the parser by sending a specially crafted request, resulting in a denial of service attack that disrupts service availability.

Affected Version(s)

libapreq2 2.07 to 2.13

References

https://bugs.debian.org/939937

x_refsource_MISC

https://lists.apache.org/thread.html/rce5814279a615d4a17c...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2020
Vulnerability Reserved
May 28, 2019