Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Naviserver Project Subscribe
Filtered by product Naviserver
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13111 1 Naviserver Project 1 Naviserver 2021-07-21 5.0 MEDIUM 7.5 HIGH
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.