CVE-2020-35452 vulnerability in Apache and Other Products
Published on June 10, 2021
mod_auth_digest possible stack overflow by one nul byte
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.
Products Associated with CVE-2020-35452
Affected Versions
Apache Software Foundation Apache HTTP Server:
- Version 2.4.46 is affected.
- Version 2.4.43 is affected.
- Version 2.4.41 is affected.
- Version 2.4.39 is affected.
- Version 2.4.38 is affected.
- Version 2.4.37 is affected.
- Version 2.4.35 is affected.
- Version 2.4.34 is affected.
- Version 2.4.33 is affected.
- Version 2.4.29 is affected.
- Version 2.4.28 is affected.
- Version 2.4.27 is affected.
- Version 2.4.26 is affected.
- Version 2.4.25 is affected.
- Version 2.4.23 is affected.
- Version 2.4.20 is affected.
- Version 2.4.18 is affected.
- Version 2.4.17 is affected.
- Version 2.4.16 is affected.
- Version 2.4.12 is affected.
- Version 2.4.10 is affected.
- Version 2.4.9 is affected.
- Version 2.4.7 is affected.
- Version 2.4.6 is affected.
- Version 2.4.4 is affected.
- Version 2.4.3 is affected.
- Version 2.4.2 is affected.
- Version 2.4.1 is affected.
- Version 2.4.0 is affected.
Exploit Probability
- EPSS: 10.29%
- Percentile: 93.03%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.