CVE-2019-3995

Name of the Vulnerable Software and Affected Versions ELOG versions 3.1.4-57bea22 and below

Description The issue is related to a denial of service vulnerability caused by a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request to a vulnerable API endpoint, such as "/api/elog".

Recommendations For ELOG versions 3.1.4-57bea22 and below, consider restricting access to the ELOG server until a fix is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.