Unrated severityNVD Advisory· Published Oct 9, 2024· Updated Oct 20, 2024

CVE-2024-46292

Description

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).

Affected products

modsecurity/modsecuritydescription
osv-coords2 versions
pkg:bitnami/modsecurity pkg:bitnami/modsecurity2
>= 3.0.12, < 3.0.13+ 1 more
- (no CPE)range: >= 3.0.12, < 3.0.13
- (no CPE)range: >= 3.0.12, <= 3.0.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.mdmitre
github.com/yoloflz101/yoloflz/blob/main/README.mdmitre
modsecurity.org/20241011/about-cve-2024-46292-2024-october/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000