CVE-2024-46292

HIGH

7.5

Beschreibung

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht10/9/2024

Zuletzt geandert6/17/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

trustwave:modsecurity

Schwachen (CWE)

CWE-120

Referenzen

https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.md(cve@mitre.org)

https://github.com/yoloflz101/yoloflz/blob/main/README.md(cve@mitre.org)

https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.