CVE-2017-14149

HIGH

GoAhead 3.4.0-3.6.5 - NULL Pointer Dereference in websDecodeUrl

Title source: llm
STIX 2.1

Description

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/shadow4u/goaheaddebug/blob/master/README.md

Scores

CVSS v3 7.5
EPSS 0.0579
EPSS Percentile 92.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (20)
embedthis/goahead 3.4.0
embedthis/goahead 3.4.1
embedthis/goahead 3.4.2
embedthis/goahead 3.4.3
embedthis/goahead 3.4.4
embedthis/goahead 3.4.5
embedthis/goahead 3.4.6
embedthis/goahead 3.4.7
embedthis/goahead 3.4.8
embedthis/goahead 3.4.9
... and 10 more
Published Sep 05, 2017
Tracked Since Feb 18, 2026