
Marshall Hallenbeck

Researcher at Datto Inc.
#37801 of 53,638
7.5 total CVSS
Vulnerabilities · 1
PT-2019-15175
7.5
2019-10-12
Hydra · Hydra · CVE-2019-17502
**Name of the Vulnerable Software and Affected Versions**

Hydra versions prior to 0.1.9

**Description**

The issue arises from a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. This is attributed to the `process_header_end()` function, which calls `boa_atoi()`, ultimately leading to `atoi()` being called on a NULL pointer. The files `read.c`, `request.c`, and `util.c` are involved in this process.

**Recommendations**

For Hydra versions prior to 0.1.9, consider updating to a version that includes a fix for this issue to prevent daemon crashes when handling specific POST requests. As a temporary workaround, consider restricting access to the `process_header_end()` function or ensuring that all POST requests include a valid Content-Length header until a patch is available.