CVE-2017-14149
HIGHGoAhead 3.4.0-3.6.5 - NULL Pointer Dereference in websDecodeUrl
Title source: llmDescription
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/shadow4u/goaheaddebug/blob/master/README.md
Scores
CVSS v3
7.5
EPSS
0.0579
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (20)
embedthis/goahead
3.4.0
embedthis/goahead
3.4.1
embedthis/goahead
3.4.2
embedthis/goahead
3.4.3
embedthis/goahead
3.4.4
embedthis/goahead
3.4.5
embedthis/goahead
3.4.6
embedthis/goahead
3.4.7
embedthis/goahead
3.4.8
embedthis/goahead
3.4.9
... and 10 more
Published
Sep 05, 2017
Tracked Since
Feb 18, 2026