CVE-2020-35452

HIGH

Apache HTTP Server 2.4.0-2.4.46 - Out-of-bounds Write in mod_auth_digest via Digest Nonce

Title source: llm
STIX 2.1

Description

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

References (12)

Core 12
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/06/10/5
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4937
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202107-38
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210702-0001/

Scores

CVSS v3 7.3
EPSS 0.1029
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-787
Status published
Products (10)
apache/http_server 2.4.0 - 2.4.46
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 34
fedoraproject/fedora 35
oracle/enterprise_manager_ops_center 12.4.0.0
oracle/instantis_enterprisetrack 17.1
oracle/instantis_enterprisetrack 17.2
oracle/instantis_enterprisetrack 17.3
oracle/zfs_storage_appliance_kit 8.8
Published Jun 10, 2021
Tracked Since Feb 18, 2026