Vulnerability Details CVE-2020-13111
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.
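The missing length check described above, shown from the defensive side in an added example (this is not NaviServer's code or its actual fix): a chunked-body decoder that parses the chunk size from hex digits only and bounds it against the bytes actually buffered before calling memmove. The function names and the assumption that the whole body already sits in one buffer are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Locate the next CRLF in [p, end); NULL if there is none. */
static char *find_crlf(char *p, char *end)
{
    for (; end - p >= 2; p++)
        if (p[0] == '\r' && p[1] == '\n') return p;
    return NULL;
}

/* Parse the hex chunk size in [p, eol). Only hex digits are accepted, so a
 * leading '-' or '+' (which a signed parser such as strtol accepts) fails. */
static int parse_chunk_size(const char *p, const char *eol, size_t *size)
{
    size_t v = 0;
    const char *start = p;
    for (; p < eol; p++) {
        int d;
        if (*p >= '0' && *p <= '9') d = *p - '0';
        else if (*p >= 'a' && *p <= 'f') d = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'F') d = *p - 'A' + 10;
        else break;
        if (v > (SIZE_MAX >> 4)) return -1;      /* next shift would overflow */
        v = (v << 4) | (size_t)d;
    }
    if (p == start || (p < eol && *p != ';')) return -1; /* no digits / junk */
    *size = v; return 0;
}

/* Decode a fully buffered chunked body in place. Returns 0 and sets *out_len,
 * or -1 if the body is malformed or a chunk claims more data than is present. */
int decode_chunked(char *buf, size_t len, size_t *out_len)
{
    char *src = buf, *dst = buf, *end = buf + len;
    for (;;) {
        size_t size, avail;
        char *eol = find_crlf(src, end);
        if (eol == NULL || parse_chunk_size(src, eol, &size) != 0) return -1;
        src = eol + 2;
        if (size == 0) { *out_len = (size_t)(dst - buf); return 0; }
        avail = (size_t)(end - src);
        if (avail < 2 || size > avail - 2) return -1;   /* bound before memmove */
        if (src[size] != '\r' || src[size + 1] != '\n') return -1;
        memmove(dst, src, size);                        /* size <= bytes buffered */
        dst += size; src += size + 2;
    }
}
```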
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-13111
- cpe:2.3:a:naviserver_project:naviserver:4.99.10
- cpe:2.3:a:naviserver_project:naviserver:4.99.11
- cpe:2.3:a:naviserver_project:naviserver:4.99.12
- cpe:2.3:a:naviserver_project:naviserver:4.99.13
- cpe:2.3:a:naviserver_project:naviserver:4.99.14
- cpe:2.3:a:naviserver_project:naviserver:4.99.15
- cpe:2.3:a:naviserver_project:naviserver:4.99.16
- cpe:2.3:a:naviserver_project:naviserver:4.99.17
- cpe:2.3:a:naviserver_project:naviserver:4.99.18
- cpe:2.3:a:naviserver_project:naviserver:4.99.19
- cpe:2.3:a:naviserver_project:naviserver:4.99.4
- cpe:2.3:a:naviserver_project:naviserver:4.99.5
- cpe:2.3:a:naviserver_project:naviserver:4.99.6
- cpe:2.3:a:naviserver_project:naviserver:4.99.7
- cpe:2.3:a:naviserver_project:naviserver:4.99.8
- cpe:2.3:a:naviserver_project:naviserver:4.99.9