CVE-2024-46292

HIGH

Trustwave Modsecurity - Buffer Overflow

Title source: rule

Description

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).

References (3)

Core 3

Core References

Vendor Advisory

https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.md

View Writeup ZIP pw:eip

Broken Link

https://github.com/yoloflz101/yoloflz/blob/main/README.md

Vendor Advisory

https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/

Scores

CVSS v3 7.5

EPSS 0.0080

EPSS Percentile 74.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

trustwave/modsecurity 3.0.12

Published Oct 09, 2024

Tracked Since Feb 18, 2026