CVE-2016-2145

Published: Apr 15, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.

Affected (2)

Products: Fedoraproject: Fedora · Uninett: Mod Auth Mellon

1 product

1 product

Mod Auth Mellon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 23

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Uninett Mod Auth Mellon	Up to 0.11.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html

Source: secalert@redhat.com

https://github.com/UNINETT/mod_auth_mellon/pull/71

Source: secalert@redhat.com

Patch

https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/UNINETT/mod_auth_mellon/pull/71

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.