Vulnerabilities > CVE-2019-17502 - NULL Pointer Dereference vulnerability in Hydra Project Hydra 0.1.8

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
hydra-project
CWE-476

Summary

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.

Vulnerable Configurations

Part Description Count
Application
Hydra_Project
1

Common Weakness Enumeration (CWE)