High severity7.5NVD Advisory· Published Sep 5, 2017· Updated May 13, 2026
CVE-2017-14149
CVE-2017-14149
Description
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
Affected products
20cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:embedthis:goahead:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:embedthis:goahead:3.6.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/shadow4u/goaheaddebug/blob/master/README.mdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.