CVE-2020-35452

State: PUBLISHED · Published: 2021-06-10 · Updated: 2024-08-04 · Assigner: apache

Description

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

CWE

(none)

Affected

Apache Software Foundation / Apache HTTP Server — v=2.4.46 [affected]; v=2.4.43 [affected]; v=2.4.41 [affected]; v=2.4.39 [affected]; v=2.4.38 [affected]; v=2.4.37 [affected]; v=2.4.35 [affected]; v=2.4.34 [affected]; v=2.4.33 [affected]; v=2.4.29 [affected]; v=2.4.28 [affected]; v=2.4.27 [affected]; v=2.4.26 [affected]; v=2.4.25 [affected]; v=2.4.23 [affected]; v=2.4.20 [affected]; v=2.4.18 [affected]; v=2.4.17 [affected]; v=2.4.16 [affected]; v=2.4.12 [affected]; v=2.4.10 [affected]; v=2.4.9 [affected]; v=2.4.7 [affected]; v=2.4.6 [affected]; v=2.4.4 [affected]; v=2.4.3 [affected]; v=2.4.2 [affected]; v=2.4.1 [affected]; v=2.4.0 [affected]

CVSS

(none)

References

http://httpd.apache.org/security/vulnerabilities_24.html x_refsource_MISC
https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E x_refsource_MISC
https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/06/10/5 mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html mailing-list, x_refsource_MLIST
https://www.debian.org/security/2021/dsa-4937 vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/202107-38 vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/ vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/ vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210702-0001/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/35xxx/CVE-2020-35452.json