CVE-2019-12412
HIGHApache libapreq2 2.07-2.13 - Denial of Service via Multipart Parser Null Pointer Dereference
Title source: llmDescription
A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://bugs.debian.org/939937
Mailing List, Vendor Advisory x_refsource_misc
https://lists.apache.org/thread.html/rce5814279a615d4a17c870a3c5b77f57975874d382ffee0b73b7f9da%40%3Cmodperl.perl.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0245
EPSS Percentile
85.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
apache/libapreq2
2.07 - 2.13
Published
Nov 19, 2020
Tracked Since
Feb 18, 2026