Unrated severityNVD Advisory· Published Nov 22, 2019· Updated Aug 5, 2024
CVE-2019-19240
CVE-2019-19240
Description
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response.
Affected products
2- Embedthis/GoAheaddescription
Patches
Vulnerability mechanics
References
3- github.com/embedthis/goahead/issues/289mitrex_refsource_MISC
- github.com/embedthis/goahead/issues/290mitrex_refsource_MISC
- github.com/embedthis/goahead/releases/tag/v5.0.1mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.