Vulnerabilities > CVE-2023-40586 - Unspecified vulnerability in Coraza 3.0.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

coraza

NVD

Published: 2023-08-25

Updated: 2023-09-01

Summary

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.

Vulnerable Configurations

Part	Description	Count
Application	Coraza Coraza Coraza 3.0.0	1

References

https://github.com/corazawaf/coraza/commit/a5239ba3ce839e14d9b4f9486e1b4a403dcade8c
https://github.com/corazawaf/coraza/security/advisories/GHSA-c2pj-v37r-2p6h