CVE-2024-46292
Published 2024-10-09
Priority P337 high, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.78% (51.4th percentile)
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trustwave | modsecurity | — | — |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH
GHSA
GHSA-gmcv-mjv9-gjcv: A buffer overflow in modsecurity v3
ghsa_unreviewed·2024-10-09
CVE-2024-46292 [HIGH] CWE-120 GHSA-gmcv-mjv9-gjcv: A buffer overflow in modsecurity v3
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter.
OSV
CVE-2024-46292: A buffer overflow in modsecurity v3
osv·2024-10-09·CVSS 7.5
CVE-2024-46292 [HIGH] CVE-2024-46292: A buffer overflow in modsecurity v3
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
Red Hat
mod_security: denial of service via name parameter
vendor_redhat·2024-10-09·CVSS 7.5
CVE-2024-46292 [HIGH] CWE-400 mod_security: denial of service via name parameter
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
A flaw was found in ModSecurity. In certain configurations, an attacker may be able to use a specially-crafted request to trigger a denial of service.
Package: mod_security (Red Hat Enterprise Linux 7) - Not affected
Package: mod_security (Red Hat Enterprise Linux 8) - Not affected
Package: mod_security (Red Hat Enterprise Linux 9) - Not affecte
No detection rules found.
No public exploits indexed.
2024-10-09
Published