Vulnerability Details CVE-2019-12412
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bugs.debian.org/939937
- https://lists.apache.org/thread.html/rce5814279a615d4a17c870a3c5b77f57975874d382ffee0b73b7f9da%40%3Cmodperl.perl.apache.org%3E
- https://bugs.debian.org/939937
- https://lists.apache.org/thread.html/rce5814279a615d4a17c870a3c5b77f57975874d382ffee0b73b7f9da%40%3Cmodperl.perl.apache.org%3E
Products affected by CVE-2019-12412
-
cpe:2.3:a:apache:libapreq2:2.07
-
cpe:2.3:a:apache:libapreq2:2.08
-
cpe:2.3:a:apache:libapreq2:2.12
-
cpe:2.3:a:apache:libapreq2:2.13