Lucene search

[email protected]NVD:CVE-2023-4540

HistorySep 05, 2023 - 8:15 a.m.

CVE-2023-4540

2023-09-0508:15:40

CWE-755

[email protected]

web.nvd.nist.gov

vulnerability

denial of service

lua-http library

excessive allocation

cve-2023-4540

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

19.0%

JSON

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server.

This issue affects lua-http: all versions before commit ddab283.

Affected configurations

NVD

Node

daurnimatorlua-httpMatch0.4lua

References

cert.pl/posts/2023/09/CVE-2023-4540/

github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6

https://cert.pl/en/posts/2023/09/CVE-2023-4540/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

19.0%

JSON

Related for NVD:CVE-2023-4540

cve1 veracode1 osv1 prion1 alpinelinux1 ubuntucve1 debiancve1 cvelist1