CVE-2020-35452: mod_auth_digest possible stack overflow by one nul byte

Severity: low

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.0 to 2.4.46

Apache HTTP Server 2.4.0 to 2.4.46
A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. 
There is no report of this overflow being exploitable, nor the Apache HTTP 
Server team could create one, though some particular compiler and/or 
compilation option might make it possible, with limited consequences anyway due 
to the size (a single byte) and the value (zero byte) of the overflow

This issue was discovered and reported by GHSL team member @antonio-morales 
(Antonio Morales)


Reply via email to