CVE-2019-5096Use After Free in Goahead

CWE-416Use After Free4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
79.6%
top 0.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Embedthis Goahead
Timeline
PublishedDec 3
Latest updateMay 24

Description

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDembedthis/goahead3.6.5, 4.1.1, 5.0.1+2

🔴Vulnerability Details

2
GHSA
GHSA-xcxv-6fr5-34fm: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application i2022-05-24
CVEList
CVE-2019-5096: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application i2019-12-03
CVE-2019-5096 — Use After Free in Embedthis Goahead | cvebase