CVE-2019-12412

CVE-2019-12412 affects libapreq2 versions 2.07–2.13, where the multipart parser can dereference a null pointer, causing a process crash and a potential denial-of-service. Exploitation is described as remote via crafted HTTP requests. Public references include Ubuntu USN advisories (USN-4558-1 for...

CVE-2019-12412

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

Ubuntu 18.04 LTS : libapreq2 vulnerabilities (USN-4558-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4558-1 advisory. It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to...

Ubuntu: Security Advisory (USN-4558-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4558-1 libapreq2 vulnerabilities

It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...

USN-4558-1: libapreq2 vulnerabilities

It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...

The vulnerability of the create_multipart_context() function in the libapreq2 library, which allows a hacker to cause a service failure

The vulnerability of the createmultipartcontext function in the libapreq2 library is related to the assignment of a null pointer. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by using a specially crafted HTTP request...

Fedora Update for libapreq2 FEDORA-2019-be108ff0f4

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Amazon Linux AMI : libapreq2 (ALAS-2019-1323)

Remotely exploitable NULL pointer dereference bug CVE-2019-12412 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2019-1323. include'compat.inc'; if description scriptid131243; scriptversion"1.5";...

Medium: libapreq2

Issue Overview: Remotely exploitable null pointer dereference bug CVE-2019-12412 Affected Packages: libapreq2 Issue Correction: Run yum update libapreq2 or yum update --advisory ALAS-2019-1323 to update your system. New Packages: i686: libapreq2-libs-2.13-38.2.amzn1.i686 ...

Updated libapreq2 packages fix security vulnerability

Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested "multipart" body is processed...

MGASA-2019-0327 Updated libapreq2 packages fix security vulnerability

Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested "multipart" body is processed...

[SECURITY] Fedora 31 Update: libapreq2-2.13-38.fc31

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

Fedora 29 : libapreq2 (2019-d2381feee9)

Patch CVE-2019-12412. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security,...

Fedora 30 : libapreq2 (2019-7fbe8a9a06)

Patch CVE-2019-12412. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security,...

[SECURITY] Fedora 30 Update: libapreq2-2.13-38.fc30

libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...

Fedora Update for libapreq2 FEDORA-2019-7fbe8a9a06

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for libapreq2 FEDORA-2019-d2381feee9

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

libapreq2 Denial of Service Vulnerability

libapreq2 is a generic Apache request library. A denial of service vulnerability exists in libapreq2, which can be exploited by a remote attacker to cause a denial of service to an application using the library...

Debian DSA-4541-1 : libapreq2 - security update

Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library application crash if an invalid nested 'multipart' body is processed. C Tenable Network Security...