[Bug 1190246] New: VUL-1: CVE-2021-40540: ulfius: missing initialization and NULL check for malformed HTTP requests

7 Sep 2021

      https://bugzilla.suse.com/show_bug.cgi?id=1190246

            Bug ID: 1190246
           Summary: VUL-1: CVE-2021-40540: ulfius: missing initialization
                    and NULL check for malformed HTTP requests
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.3
          Hardware: Other
               URL: https://smash.suse.de/issue/309158/
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: mardnh@gmx.de
          Reporter: gabriele.sonnu@suse.com
        QA Contact: security-team@suse.de
          Found By: ---
           Blocker: ---

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info
initialization and a con_info->request NULL check for certain malformed HTTP
requests.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40540
https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe...
https://github.com/babelouest/ulfius/compare/v2.7.3...v2.7.4

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1190246] New: VUL-1: CVE-2021-40540: ulfius: missing initialization and NULL check for malformed HTTP requests

bugzilla_noreply＠suse.com