Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-m7gr-5w5g-36jf: Out-of-bounds Read can lead to client side denial of service

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) on the client side via a crafted URI.

According to the maintainer, the bug only affects the client side of the request and cannot cause a denial of service on the server.

ghsa
Open in Source
#dos#git

Out-of-bounds Read can lead to client side denial of service

Moderate severity GitHub Reviewed Published Jul 23, 2022 • Updated Jul 27, 2022

Related news

CVE-2022-34037: [panic]: slice OOB caused by illegal uri · Issue #4775 · caddyserver/caddy

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters
ghsa