CVE-2005-2970

CWE-770 — Allocation without Limits12 documents8 sources

Severity

5.0MEDIUM

EPSS

20.8%

top 4.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux Fedoraproject Fedora Core +3 more

Timeline

PublishedOct 25

Latest updateMay 1

Description

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDapache/http_server2.0.36 — 2.0.55

▶Debianapache2< 2.0.55-1+3

▶NVDfedoraproject/fedora_core4

▶NVDredhat/enterprise_linux_server3.0, 4.0+1

▶NVDredhat/enterprise_linux_desktop3.0, 4.0+1

Also affects: Ubuntu Linux 4.10, 5.04, 5.10

🔴Vulnerability Details

GHSA

GHSA-q8m3-9hrv-x6fg: Memory leak in the worker MPM (worker↗2022-05-01

▶

CVEList

CVE-2005-2970: Memory leak in the worker MPM (worker↗2005-10-25

▶

OSV

CVE-2005-2970: Memory leak in the worker MPM (worker↗2005-10-25

▶

📋Vendor Advisories

Ubuntu

Apache 2 vulnerability↗2005-12-07

▶

Red Hat

security flaw↗2005-10-25

▶

Debian

CVE-2005-2970: apache2 - Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances,...↗2005

▶

💬Community

Bugzilla

CVE-2005-2970 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-2970, CVE-2005-3352, CVE-2005-3357 Apache httpd multiple security issues↗2005-12-09

▶

Bugzilla

CVE-2005-2970 httpd worker MPM memory consumption DoS↗2005-11-25

▶

Bugzilla

CVE-2005-2970 httpd worker MPM memory consumption DoS↗2005-10-25

▶

Bugzilla

CVE-2005-2970 httpd worker MPM memory consumption DoS↗2005-10-25

▶