Out-of-bounds Write Affecting apache/httpd package, versions [,2.4.30)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
2.45% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-APACHEHTTPD-3007284
  • published12 Jan 2022
  • disclosed26 Mar 2018
  • creditUnknown

Introduced: 26 Mar 2018

CVE-2017-15710  (opens in a new tab)
CWE-787  (opens in a new tab)

How to fix?

Upgrade apache/httpd to version 2.4.30 or higher.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

References

CVSS Base Scores

version 3.1