Buffer Overflow Vulnerability in ModSecurity Affects Version 3.0.12
CVE-2024-46292

7.5HIGH

Key Information:

Vendor: OWASP
Status: Modsecurity
Vendor: CVE Published:; 9 October 2024

What is CVE-2024-46292?

ModSecurity version 3.0.12 is susceptible to a buffer overflow that enables attackers to initiate Denial of Service (DoS) conditions by inserting specially crafted input into the name parameter. While the supplier disputes these claims due to an inability to reproduce the issue, it is crucial to note that the product documentation suggests limitations when working with large values set for SecRequestBodyNoFilesLimit, potentially increasing the risk of exploitation.

References

https://github.com/owasp-modsecurity/ModSecurity/blob/v3/...

https://github.com/yoloflz101/yoloflz/blob/main/README.md

https://modsecurity.org/20241011/about-cve-2024-46292-202...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2024

CVE-2024-46292 Data

JSON

OWASP

What is CVE-2024-46292?

References

CVSS V3.1

Timeline