In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.4.1 |
||
apache http server 2.4.20 |
||
apache http server 2.4.6 |
||
apache http server 2.4.12 |
||
apache http server 2.4.3 |
||
apache http server 2.4.23 |
||
apache http server 2.4.4 |
||
apache http server 2.4.10 |
||
apache http server 2.4.7 |
||
apache http server 2.4.25 |
||
apache http server 2.4.26 |
||
apache http server 2.4.18 |
||
apache http server 2.4.2 |
||
apache http server 2.4.17 |
||
apache http server 2.4.16 |
||
apache http server 2.4.9 |
||
apache http server 2.4.27 |
||
apache http server 2.4.29 |
||
apache http server 2.4.28 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 17.10 |
||
canonical ubuntu linux 18.04 |
||
netapp santricity cloud connector - |
||
netapp storage automation store - |
||
netapp storagegrid - |
||
netapp clustered data ontap - |
||
redhat enterprise linux 7.4 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux 7.5 |
||
redhat enterprise linux 7.6 |