Vulnerabilities > CVE-2023-4540 - Improper Handling of Exceptional Conditions vulnerability in Daurnimator Lua-Http 0.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

daurnimator

CWE-755

NVD

Published: 2023-09-05

Updated: 2024-10-10

Summary

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283.

Vulnerable Configurations

Part	Description	Count
Application	Daurnimator Daurnimator LUA Http 0.4	1

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6
https://cert.pl/posts/2023/09/CVE-2023-4540/
https://cert.pl/en/posts/2023/09/CVE-2023-4540/