PT-2023-9787 · Openbsd · Httpd+1
Published: 2023-11-21 · Updated: 2025-09-23 · CVE-2024-11148
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
OpenBSD versions 7.3 through 7.4 before errata 006 and 7.3 before errata 020
OpenBSD version 7.3 before errata 020
Description
The httpd(8) service dereferences a NULL pointer when handling a malformed FastCGI request. This can potentially allow a remote attacker to cause a denial of service.
Recommendations
For OpenBSD versions 7.3 through 7.4 before errata 006, apply errata 006 to resolve the issue.
For OpenBSD version 7.3 before errata 020, apply errata 020 to resolve the issue.
As a temporary workaround, consider restricting access to the httpd(8) service until the errata can be applied.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Openbsd
Httpd