Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNU Serveez 信息泄露漏洞
Vulnerability Description
GNU Serveez是GNU计划的一款服务器框架,是一个基于IP的服务器实现。 GNU Serveez 0.2.2及之前版本中的http-cgi.c文件的‘http_cgi_write’函数存在安全漏洞。攻击者可通过向/cgi-bin/reader URI发送HTTP POST请求利用该漏洞泄露信息。
CVSS Information
N/A
Vulnerability Type
N/A