Unrated severityNVD Advisory· Published Mar 16, 2020· Updated Aug 5, 2024
CVE-2019-19945
CVE-2019-19945
Description
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenWrt/uhttpddescription
Patches
Vulnerability mechanics
References
2- github.com/openwrt/openwrt/commits/mastermitrex_refsource_MISC
- openwrt.org/advisory/2020-01-13-1mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.