Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NaviServer 缓冲区错误漏洞
Vulnerability Description
NaviServer是一款使用C语言和Tcl语言编写的Web服务器。它支持反向代理、IPv6、动态线程池映射和基于OpenSSL的加密等功能。 NaviServer 4.99.4版本至4.99.19版本中的nsd/driver.c文件的‘ChunkedDecode’函数存在安全漏洞,该漏洞源于程序没有正确验证块的长度。远程攻击者可通过发送特制的分块传输请求利用该漏洞导致拒绝服务(进程崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A