CVE-2019-12412

Name of the Vulnerable Software and Affected Versions libapreq2 versions 2.07 through 2.13

Description The issue is related to a flaw in the libapreq2 multipart parser, which can cause a null pointer dereference, leading to a process crash. A remote attacker could exploit this by sending a specially crafted HTTP request, potentially resulting in a denial of service attack.

Recommendations For libapreq2 versions 2.07 through 2.13, consider disabling the create multipart context() function as a temporary workaround until a patch is available. Restrict access to the multipart parser to minimize the risk of exploitation. Avoid using the vulnerable multipart parser in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.