CVE-2019-12822
HIGHEmbedthis GoAhead < 4.1.1 and 5.x < 5.0.1 - Denial of Service via Malformed HTTP Header
Title source: llmDescription
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/embedthis/goahead/issues/285
Patch, Third Party Advisory x_refsource_misc
https://github.com/embedthis/goahead/compare/5349710...579f21f
Scores
CVSS v3
7.5
EPSS
0.0885
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-119
CWE-917
Status
published
Products (1)
embedthis/goahead
< 4.1.1
Published
Jun 14, 2019
Tracked Since
Feb 18, 2026