CVE-2020-35452

Published: Jun 10, 2021Modified: Nov 21, 2024

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: NVD

Description

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

Affected (10)

Products: Apache: Http Server · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Apache: Http Server · Debian: Debian Linux · Fedoraproject: Fedora · Oracle: Enterprise Manager Ops Center, Instantis Enterprisetrack, Zfs Storage Appliance Kit

1 product

1 product

1 product

3 products

Enterprise Manager Ops Center

Instantis Enterprisetrack

Zfs Storage Appliance Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.4.0 to 2.4.46

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Manager Ops Center	Version 12.4.0.0
Oracle Instantis Enterprisetrack	Version 17.1
Oracle Instantis Enterprisetrack	Version 17.2
Oracle Instantis Enterprisetrack	Version 17.3
Oracle Zfs Storage Appliance Kit	Version 8.8

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (24)

http://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/5

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

Mailing ListRelease NotesVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

Source: security@apache.org

https://security.gentoo.org/glsa/202107-38

Source: security@apache.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210702-0001/

Source: security@apache.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-4937

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: security@apache.org

Third Party Advisory

http://httpd.apache.org/security/vulnerabilities_24.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/06/10/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListRelease NotesVendor Advisory

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202107-38

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210702-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-4937

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.