Buffer Overflow Vulnerability in ModSecurity Affects Version 3.0.12
CVE-2024-46292
7.5 HIGH
What is CVE-2024-46292?
ModSecurity version 3.0.12 is susceptible to a buffer overflow that lets attackers cause Denial of Service (DoS) conditions by supplying specially crafted input in the name parameter. The supplier disputes this claim because it was unable to reproduce the issue. The product documentation does, however, suggest limitations when large values are set for SecRequestBodyNoFilesLimit, which potentially increases the risk of exploitation.

CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
