Vulnerabilities > CVE-2020-13574 - NULL Pointer Dereference vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

genivia

fedoraproject

CWE-476

NVD

Published: 2021-02-10

Updated: 2024-03-01

Summary

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Genivia Genivia Gsoap 2.8.107	1
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMTJ3SJJ22SFLBLPKFADV7NVBH7UFA23/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JINMAJB4WQASTKTNSPQL3V7YMSYPKIA2/
https://lists.debian.org/debian-lts-announce/2024/02/msg00015.html