CVE-2017-14149

Published: Sep 5, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

Affected (20)

Products: Embedthis: Goahead

Embedthis

1 product

Goahead

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Embedthis Goahead	Version 3.4.0
Embedthis Goahead	Version 3.4.10
Embedthis Goahead	Version 3.4.11
Embedthis Goahead	Version 3.4.12
Embedthis Goahead	Version 3.4.1
Embedthis Goahead	Version 3.4.2
Embedthis Goahead	Version 3.4.3
Embedthis Goahead	Version 3.4.4
Embedthis Goahead	Version 3.4.5
Embedthis Goahead	Version 3.4.6
Embedthis Goahead	Version 3.4.7
Embedthis Goahead	Version 3.4.8
Embedthis Goahead	Version 3.4.9
Embedthis Goahead	Version 3.5.0
Embedthis Goahead	Version 3.6.0
Embedthis Goahead	Version 3.6.1
Embedthis Goahead	Version 3.6.2
Embedthis Goahead	Version 3.6.3
Embedthis Goahead	Version 3.6.4
Embedthis Goahead	Version 3.6.5

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://github.com/shadow4u/goaheaddebug/blob/master/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shadow4u/goaheaddebug/blob/master/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.