FKIE_CVE-2024-11148
Vulnerability from fkie_nvd - Published: 2024-12-05 20:15 - Updated: 2025-09-23 12:22
Severity ?
Summary
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openbsd | openbsd | * | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.3 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 | |
| openbsd | openbsd | 7.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "131B4208-6843-40D3-8818-159D1204BD0E",
"versionEndExcluding": "7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8A4344-6ABE-4626-ADA4-3FA91F8D76C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7BAA0C9B-7CEA-4647-809F-027EB34C142E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_001:*:*:*:*:*:*",
"matchCriteriaId": "B3CC37B8-46C0-407B-8DE4-2B5BC36BA969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_002:*:*:*:*:*:*",
"matchCriteriaId": "D53FE3CA-1A90-4783-8AC2-C0B4CF6F052D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_003:*:*:*:*:*:*",
"matchCriteriaId": "9C32DD2B-BBE0-4031-B105-743E4058B4A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_004:*:*:*:*:*:*",
"matchCriteriaId": "3F481F84-81C2-4E5F-BD60-4C46CD3DD603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_005:*:*:*:*:*:*",
"matchCriteriaId": "DCAE527B-1176-4759-B903-59A72245517B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_006:*:*:*:*:*:*",
"matchCriteriaId": "90AFDC54-DCAD-46F5-8198-3632335D5529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_007:*:*:*:*:*:*",
"matchCriteriaId": "C7289DE0-7A7C-4535-BCA8-23D882468D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_008:*:*:*:*:*:*",
"matchCriteriaId": "40791FF0-EFA3-4471-BCEB-0E1F36ABF973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_009:*:*:*:*:*:*",
"matchCriteriaId": "2AE8017A-F84D-4A8E-BAF0-8AC795D74FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_010:*:*:*:*:*:*",
"matchCriteriaId": "FFFC349B-AA6F-4286-8440-699D1F8A934A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_011:*:*:*:*:*:*",
"matchCriteriaId": "B5AD12A6-74D4-4696-8126-402E61995D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_012:*:*:*:*:*:*",
"matchCriteriaId": "A9921E2D-DC9B-46FB-A01F-540C4B721D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_013:*:*:*:*:*:*",
"matchCriteriaId": "CEFF0DA3-7CF7-42EB-9AA8-914EFD83466A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_014:*:*:*:*:*:*",
"matchCriteriaId": "2745D88C-769F-476C-AF70-29EDF609DC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_015:*:*:*:*:*:*",
"matchCriteriaId": "9E14AA44-11A5-466D-8C56-C0618F99AC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_016:*:*:*:*:*:*",
"matchCriteriaId": "780A311D-A244-41A9-B5DB-C4B551F33C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_017:*:*:*:*:*:*",
"matchCriteriaId": "C5EE5EE8-0CFB-488C-B4C4-20E3D86C19F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_018:*:*:*:*:*:*",
"matchCriteriaId": "7D2ABF3D-72F5-49BE-B2D4-B38BFA359A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_019:*:*:*:*:*:*",
"matchCriteriaId": "D0278726-8CA0-46D6-9080-E18BD37DA449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "AC3B964B-B0DA-4ED4-92CA-22CA55FB1799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_001:*:*:*:*:*:*",
"matchCriteriaId": "6AFCBC1B-71F7-48E0-B276-8FDC3150E6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_002:*:*:*:*:*:*",
"matchCriteriaId": "DD66EC2F-ACFA-436D-81AB-AB1B0DF9A262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_003:*:*:*:*:*:*",
"matchCriteriaId": "17D59A8B-EAE5-4E22-939A-EB7DF64A6F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_004:*:*:*:*:*:*",
"matchCriteriaId": "B6CAD278-E505-40F7-9FDB-EF46E38CBECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:7.4:errata_005:*:*:*:*:*:*",
"matchCriteriaId": "985AA19C-C3F9-4DD3-BFE8-CF481D6FFC42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request."
},
{
"lang": "es",
"value": "En OpenBSD 7.4 antes de la errata 006 y OpenBSD 7.3 antes de la errata 020, httpd(8) es vulnerable a una desreferencia NULL al manejar una solicitud fastcgi malformada."
}
],
"id": "CVE-2024-11148",
"lastModified": "2025-09-23T12:22:43.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
},
"published": "2024-12-05T20:15:21.577",
"references": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig"
},
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Patch"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/006_httpd.patch.sig"
}
],
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…