Header Parsing Vulnerability in Embedthis GoAhead Web Server
CVE-2019-12822

7.5HIGH

Key Information:

Vendor: Embedthis
Status: Goahead
Vendor: CVE Published:; 14 June 2019

What is CVE-2019-12822?

The Embedthis GoAhead web server is susceptible to a header parsing vulnerability that can result in a memory assertion failure and out-of-bounds memory reference. This issue, found in versions prior to 4.1.1 and 5.0.1, may be exploited to perform a Denial of Service (DoS) attack. A specific scenario can trigger this vulnerability, such as having a colon on a line by itself, which can disrupt normal operation and pose a risk to application availability. Users are advised to update to the latest versions to mitigate this risk.

References

https://github.com/embedthis/goahead/issues/285

x_refsource_MISC

https://github.com/embedthis/goahead/compare/5349710...57...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2019
Vulnerability Reserved
Jun 14, 2019