Vulnerabilities > CVE-2020-35452 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 7.3 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW

Summary

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

Vulnerable Configurations

Part Description Count
Application
Apache
46
Application
Oracle
5
OS
Debian
2
OS
Fedoraproject
2

Common Weakness Enumeration (CWE)

References