CVE-2017-1000118Improper Restriction of Operations within the Bounds of a Memory Buffer in Http Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Akka Http Server
Timeline
PublishedOct 5
Latest updateOct 22

Description

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDakka/http_server10.0.5

🔴Vulnerability Details

3
OSV
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core2018-10-22
GHSA
Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core2018-10-22
CVEList
CVE-2017-1000118: Akka HTTP versions <= 102017-10-04

📋Vendor Advisories

1
Microsoft
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service2017-10-10
CVE-2017-1000118 — Akka Http Server vulnerability | cvebase