CVE-2021-33254

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Embedthis Appweb

Timeline

PublishedJun 2

Latest updateJun 3

Description

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDembedthis/appweb8.2.1

Patches

Patch: awxylitol.github.io ↗Patch: awxylitol.github.io ↗

🔴Vulnerability Details

GHSA

GHSA-65f4-q4wv-frpq: An issue was discovered in src/http/httpLib↗2022-06-03

▶

CVEList

CVE-2021-33254: An issue was discovered in src/http/httpLib↗2022-06-01

▶