40 matches found
CVE-2024-22086
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution...
PT-2024-19197 · Cherry · Cherry
Name of the Vulnerable Software and Affected Versions: cherry versions through 4b877df Description: The issue is related to a stack-based buffer overflow in the handle request function in http.c due to the use of sscanf with a long URI, which can lead to remote code execution. Recommendations: Fo...
CVE-2024-22086
CVE-2024-22086 affects the Cherry HTTP server. The vulnerability is a stack-based buffer overflow in the handle_request() function in http.c caused by using sscanf with a long URI, enabling remote code execution. Affected versions are Cherry up to 4b877df; explicit fixes are not documented in the...
K46552732: Wget vulnerability CVE-2017-13089
Security Advisory Description: The http.c:skip_short_body function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a...
Huawei EulerOS: Security Advisory for exiv2 (EulerOS-SA-2019-1900)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-1085)
The remote host is missing an update for the Huawei EulerOS...
Null pointer dereference
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
CVE-2019-13114
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...
CVE-2019-12822
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...
CVE-2019-12822
CVE-2019-12822 affects Embedthis GoAhead, specifically http.c, where a header parsing vulnerability in GoAhead before 4.1.1 and 5.x before 5.0.1 leads to a memory assertion, out-of-bounds memory reference, and potential DoS (demonstrated by a colon on a line by itself). Connected documents corrob...
EulerOS Virtualization 2.5.2 : wget (EulerOS-SA-2019-1085)
According to the version of the wget package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a...
Design/Logic Flaw
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...
CVE-2018-0494
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line...