Vulnerabilities > CVE-2019-20800 - Out-of-bounds Write vulnerability in Cherokee-Project Cherokee

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cherokee-project

CWE-787

critical

NVD

Published: 2020-05-18

Updated: 2024-11-21

Summary

In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.

Vulnerable Configurations

Part	Description	Count
Application	Cherokee-Project Cherokee Project Cherokee - Cherokee Project Cherokee 0.4.27 Cherokee Project Cherokee 0.99.31 Cherokee Project Cherokee 0.99.32 Cherokee Project Cherokee 1.0.12 Cherokee Project Cherokee 1.0.13 Cherokee Project Cherokee 1.0.14 Cherokee Project Cherokee 1.0.15 Cherokee Project Cherokee 1.0.16 Cherokee Project Cherokee 1.0.17 Cherokee Project Cherokee 1.0.18 Cherokee Project Cherokee 1.0.21 Cherokee Project Cherokee 1.2.0 Cherokee Project Cherokee 1.2.2 Cherokee Project Cherokee 1.2.98 Cherokee Project Cherokee 1.2.99 Cherokee Project Cherokee 1.2.101 Cherokee Project Cherokee 1.2.102 Cherokee Project Cherokee 1.2.103 Cherokee Project Cherokee 1.2.104	20

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References