CVE-2019-17502
HIGHhydra_project/hydra < 0.1.8 - Denial of Service via NULL Pointer Dereference in POST Request Handling
Title source: llmDescription
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://gist.github.com/fxb6476/0b9883a88ff2ca40de46a8469834e16c
Third Party Advisory x_refsource_misc
http://hydra.hellug.gr
Scores
CVSS v3
7.5
EPSS
0.0170
EPSS Percentile
74.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
hydra_project/hydra
< 0.1.8
Published
Oct 12, 2019
Tracked Since
Feb 18, 2026