CVE-2019-5097Infinite Loop in Goahead

CWE-835Infinite Loop4 documents4 sources
Severity
7.5HIGHNVD
EPSS
7.3%
top 8.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Embedthis Goahead
Timeline
PublishedDec 3
Latest updateMay 24

Description

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDembedthis/goahead3.6.5, 4.1.1, 5.0.1+2

🔴Vulnerability Details

2
GHSA
GHSA-cj8r-mppq-qjm5: A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v52022-05-24
CVEList
CVE-2019-5097: A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v52019-12-03
CVE-2019-5097 — Infinite Loop in Embedthis Goahead | cvebase