CVE-2019-19240 - Use of Uninitialized Resource vulnerability in Embedthis GoAhead
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE

Summary
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
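The failure pattern described in the summary, as an added example that is not GoAhead's own code: a bounded copy into a static buffer fails for an oversized Host value, and an unchecked caller returns whatever the buffer already held. The names `bounded_copy`, `redirect_host_unchecked` and `redirect_host_checked`, the 16-byte limit and the sample host values are hypothetical; in this sketch the leftover data is a previous call's host, and the checked variant shows one way to harden the pattern.

```c
#include <stdio.h>
#include <string.h>

#define HOST_BUF_LEN 16  /* constructed limit, small so the demo is easy to follow */

/* Hypothetical bounded copy: if src does not fit, it fails and writes nothing. */
static int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen) {
        return -1;
    }
    memcpy(dst, src, n + 1);
    return (int) n;
}

/* Weak pattern: the copy result is ignored, so on failure the caller
   gets whatever the static buffer already held. */
const char *redirect_host_unchecked(const char *host_header)
{
    static char hostbuf[HOST_BUF_LEN];
    (void) bounded_copy(hostbuf, sizeof(hostbuf), host_header);
    return hostbuf;
}

/* Hardened pattern: clear the buffer first and report failure so the
   caller can reject the request instead of building a redirect. */
const char *redirect_host_checked(const char *host_header)
{
    static char hostbuf[HOST_BUF_LEN];
    hostbuf[0] = '\0';
    if (bounded_copy(hostbuf, sizeof(hostbuf), host_header) < 0) {
        return NULL;
    }
    return hostbuf;
}

int main(void)
{
    const char *big = "a-host-header-value-longer-than-the-buffer";  /* constructed */
    redirect_host_unchecked("internal.lan");                         /* earlier request */
    printf("unchecked: %s\n", redirect_host_unchecked(big));
    redirect_host_checked("internal.lan");
    printf("checked:   %s\n", redirect_host_checked(big) ? "host ok" : "rejected");
    return 0;
}
```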
References
- https://github.com/embedthis/goahead/issues/289
- https://github.com/embedthis/goahead/issues/290
- https://github.com/embedthis/goahead/releases/tag/v5.0.1