PT-2019-11515 · Cherokee · Cherokee Web Server

Published: 2019-07-22 · Updated: 2020-09-30 · CVE-2019-1010218

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cherokee Web Server, versions prior to a fixed version (no fixed version is available; the current stable version is 1.2.103)
Description: A buffer overflow in the main Cherokee command can cause a crash. The attack vector is overwriting argv[0] with an excessively long value using execl.
Recommendations: There is currently no information about a newer Cherokee Web Server version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2019-1010218

Affected Products

Cherokee Web Server