CVE-2020-35452

Updated: 2024-11-24 03:39:57.508595

Description:

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create an exploit, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.8 |
| CVSS Version 3.x | HIGH | 7.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | httpd | 2.2.15 | 7.3 | HIGH | Released | CLSA-2021:1633601543 | 2022-05-05 12:02:03 | |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.3 | HIGH | Released | CLSA-2022:1654106434 | 2022-06-01 14:35:49 | |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.3 | HIGH | Released | CLSA-2022:1654106630 | 2022-06-01 14:35:49 | |
| CloudLinux 6 ELS | httpd | 2.2.15 | 7.3 | HIGH | Released | | 2022-01-15 04:51:44 | |
| Oracle Linux 6 ELS | httpd | 2.2.15 | 7.3 | HIGH | Released | CLSA-2021:1634922624 | 2022-01-15 04:51:44 | |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 7.3 | HIGH | Released | CLSA-2021:1635459129 | 2021-12-09 07:57:03 | |