PT-2019-17476 · Goahead · Goahead Web Server

Published: 2019-11-27 · Updated: 2022-06-17 · CVE-2019-5096

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GoAhead web server versions v3.6.5, v4.1.1, v5.0.1

Description

A code execution issue exists in the processing of multi-part/form-data requests within the base GoAhead web server application. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request, corrupting heap structures and potentially leading to full code execution. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.

Recommendations

For version v3.6.5, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.
For version v4.1.1, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.
For version v5.0.1, update to a version that fixes the use-after-free condition in the processing of multi-part/form-data requests.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2019-5096

Affected Products

Goahead Web Server