PT-2020-13290 · Alvaro Lopez Ortega · Cherokee

Pjlantz · Published 2020-07-27 · Updated 2022-11-29 · CVE-2020-12845

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cherokee versions 0.4.27 through 1.2.104

Description: The issue is a denial of service caused by NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request for a protected resource with a malformed Authorization header. The header is mishandled during a cherokee_buffer_add call inside the cherokee_validator_parse_basic or cherokee_validator_parse_digest functions, which parse Basic and Digest authentication credentials respectively.

Recommendations: For Cherokee versions 0.4.27 through 1.2.104, as a temporary workaround, consider restricting access to protected resources (those that require authentication) to minimize the risk of exploitation. Avoid malformed Authorization headers in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2020-12845
MGASA-2021-0019

Affected Products

Cherokee