CVE-2019-12412: libapreq2 null pointer dereference
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
libapreq2 2.07 to 2.13
Description:
In libapreq2 versions 2.07 through 2.13 inclusive, a flaw in the
multipart parser can dereference a null pointer, leading to a process
crash. A remote attacker could send a request that causes a process
crash, which could lead to a denial of service attack.
Mitigation:
Disable the libapreq2 multipart parser.
Credit:
Thanks to Max Kellerman and Salvatore Bonaccorso for finding and
reporting this issue.
References:
https://bugs.debian.org/939937