[Bug 1231443] New: VUL-0: CVE-2024-46292: modsecurity: excessive resource consumption when processing POST requests with extremely large content-lengths
https://bugzilla.suse.com/show_bug.cgi?id=1231443

Bug ID: 1231443
Summary: VUL-0: CVE-2024-46292: modsecurity: excessive resource consumption when processing POST requests with extremely large content-lengths
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/423485/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: dimstar@opensuse.org
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: camila.matos@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-46292
https://www.cve.org/CVERecord?id=CVE-2024-46292
https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.md
https://github.com/yoloflz101/yoloflz/blob/main/README.md

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1231443#c1

--- Comment #1 from Camila Camargo de Matos <camila.matos@suse.com> ---
@Dominique, I have set you as the assignee for this bug because I was unable to find the official maintainer for this package in OBS, and because you were the last person who updated package openSUSE:Factory/modsecurity.

Please feel free to reassign the bug if you are aware of who the maintainer for this package is, or feel free to reassign it back to the Security team in case you do not know who that would be.

Thanks in advance!

https://bugzilla.suse.com/show_bug.cgi?id=1231443#c2

--- Comment #2 from Camila Camargo de Matos <camila.matos@suse.com> ---
Packages affected by this issue:
- openSUSE:Backports:SLE-15-SP5/modsecurity
- openSUSE:Backports:SLE-15-SP6/modsecurity
- openSUSE:Factory/modsecurity

https://bugzilla.suse.com/show_bug.cgi?id=1231443

SMASH SMASH <smash_bz@suse.de> changed:

What      |Removed    |Added
----------------------------------------------------------------------------
Priority  |P5 - None  |P3 - Medium