CVE-2012-0256Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Traffic Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.9%
top 16.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Traffic Server
Timeline
PublishedMar 26
Latest updateMay 4

Description

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/traffic_server19 versions+18

Patches

Patch: trafficserver.apache.orgPatch: trafficserver.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-j695-8g8p-qf2x: Apache Traffic Server 22022-05-04
CVEList
CVE-2012-0256: Apache Traffic Server 22012-03-26
OSV
CVE-2012-0256: Apache Traffic Server 22012-03-26

📋Vendor Advisories

1
Debian
CVE-2012-0256: trafficserver - Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does n...2012
CVE-2012-0256 — Apache Traffic Server vulnerability | cvebase