Home > Vulnerability Database > CVE-2020-35452

Mend.io Vulnerability Database

CVE-2020-35452

Date: June 10, 2021

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

Severity Score

7.3

Related Resources (18)

Url: https://security.netapp.com/advisory/ntap-20210702-0001/

Url: https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3Cannounce.httpd.apache.org%3E

Url: https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Url: http://www.openwall.com/lists/oss-security/2021/06/10/5

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-35452

Url: https://security-tracker.debian.org/tracker/CVE-2020-35452

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2020-35452

Url: https://security.alpinelinux.org/vuln/CVE-2020-35452

Url: https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E

Url: https://access.redhat.com/security/cve/CVE-2020-35452

Url: http://httpd.apache.org/security/vulnerabilities_24.html

Url: https://security.gentoo.org/glsa/202107-38

Url: https://www.debian.org/security/2021/dsa-4937

Url: https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

Url: https://www.oracle.com/security-alerts/cpuoct2021.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

Url: https://www.mend.io/vulnerability-database/CVE-2020-35452

Severity Score

7.3

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-35452

Date: June 10, 2021

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?