CVE-2004-0488: Out-of-bounds Write in Apache Http Server

Severity: 7.5 HIGH (NVD)
EPSS: 62.7% (top 1.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 7; Latest update May 3

Description

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 3 packages

Also affects: Debian Linux 3.0

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-cwr4-7j4w-3vv9: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util (2022-05-03)
OSV: CVE-2004-0488: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util (2004-07-07)
CVEList: CVE-2004-0488: Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util (2004-05-28)

📋 Vendor Advisories (2)

Red Hat: mod_ssl ssl_util_uuencode_binary CA issue (2004-05-17)
Debian: CVE-2004-0488: apache2 - Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util... (2004)

💬 Community (3)

Bugzilla: CVE-2004-0488 mod_ssl ssl_util_uuencode_binary CA issue (2008-01-30)
Bugzilla: CVE-2004-0488 mod_ssl flaws (CVE-2004-0885 CVE-2005-2700) (2005-10-25)
Bugzilla: CAN-2004-0488 mod_ssl ssl_util_uuencode_binary() stack overflow (2004-06-02)