Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2020-35452

Updated: 2022-05-25 08:53:16.967888

Description:

Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.8 |
| CVSS Version 3.x | HIGH | 7.3 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | httpd | 2.2.15 | Released | CLSA-2021:1633601543 | 2022-05-05 12:02:03.940452 |
| CentOS 8.4 ELS | httpd | 2.4.37 | Released | CLSA-2022:1654106434 | 2022-06-01 14:35:49.614909 |
| CentOS 8.5 ELS | httpd | 2.4.37 | Released | CLSA-2022:1654106630 | 2022-06-01 14:35:49.422012 |
| CloudLinux 6 ELS | httpd | 2.2.15 | Released | | 2022-01-15 04:51:44.332873 |
| Oracle Linux 6 ELS | httpd | 2.2.15 | Released | CLSA-2021:1634922624 | 2022-01-15 04:51:44.341811 |
| Ubuntu 16.04 ELS | apache | 2.4.18 | Released | CLSA-2021:1635459129 | 2021-12-09 07:57:03.620851 |