2 matches found
CVE-2019-19945
CVE-2019-19945 affects OpenWrt/uhttpd. A signedness error in uhttpd up to 18.06.5 and 19.x up to 19.07.0-rc2 allows out-of-bounds access to a heap buffer, leading to a crash. The issue can be triggered by a remote HTTP POST to a CGI script with Transfer-Encoding: chunked and a large negative Cont...
Security Advisory 2020-01-13-1 - uhttpd invalid data access via HTTP POST request (CVE-2019-19945)
DESCRIPTION An invalid data access can be triggered with an HTTP POST request to a CGI script specifying both Transfer-Encoding: chunked and a large Content-Length which exceeds 2^31 and is interpreted as a signed negative number. The negative content length is assigned to r→contentlength in...