CVE-2020-12845NULL Pointer Dereference in Cherokee

CWE-476NULL Pointer Dereference5 documents4 sources
Severity
7.5HIGHNVD
EPSS
7.7%
top 8.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cherokee-project Cherokee
Timeline
PublishedJul 27
Latest updateMay 24

Description

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcherokee-project/cherokee0.4.271.2.104

🔴Vulnerability Details

2
GHSA
GHSA-g9j5-2x3f-77xp: Cherokee 02022-05-24
CVEList
CVE-2020-12845: Cherokee 02020-07-27

💬Community

2
Bugzilla
CVE-2020-12845 cherokee: NULL pointer dereference by sending an HTTP request using a malformed Authorization header2020-07-28
Bugzilla
CVE-2020-12845 cherokee: NULL pointer dereference by sending an HTTP request using a malformed Authorization header [epel-6]2020-07-28
CVE-2020-12845 — NULL Pointer Dereference in Cherokee | cvebase