CVE-2023-40586

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 25, 2023
Updated: Sep 1, 2023
CWE ID 400

Summary

CVE-2023-40586 is a vulnerability affecting OWASP Coraza WAF, a Golang library used for creating ModSecurity-compatible web application firewalls. The issue stems from misuse of the `log.Fatalf` function: when an error occurs during `mime.ParseMediaType` processing, the application crashes immediately, so a specially crafted request can bring it down. This security flaw has been addressed in Coraza WAF version 3.0.1.
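The pattern described in the summary, next to a form that returns the error instead, as an added example (not Coraza's code; `parseFatal`, `parseSafe`, `statusFor` and `ErrBadContentType` are hypothetical names, and the header values are constructed):

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"mime"
	"net/http"
)

// ErrBadContentType is a hypothetical sentinel error for this example.
var ErrBadContentType = errors.New("invalid Content-Type")

// parseFatal is the anti-pattern: log.Fatalf logs and then calls os.Exit(1),
// so a single unparsable header value terminates the whole process.
func parseFatal(contentType string) string {
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil {
		log.Fatalf("parse media type: %v", err)
	}
	return mediaType
}

// parseSafe hands the error back so the caller can reject one request.
func parseSafe(contentType string) (string, map[string]string, error) {
	mediaType, params, err := mime.ParseMediaType(contentType)
	if err != nil {
		return "", nil, fmt.Errorf("%w: %v", ErrBadContentType, err)
	}
	return mediaType, params, nil
}

// statusFor maps the parse result to a per-request HTTP status.
func statusFor(contentType string) int {
	if _, _, err := parseSafe(contentType); err != nil {
		return http.StatusBadRequest
	}
	return http.StatusOK
}

func main() {
	// Constructed header values: one well-formed, one with a parameter missing its value.
	for _, ct := range []string{"multipart/form-data; boundary=abc", "text/html; charset"} {
		fmt.Printf("%q -> %d\n", ct, statusFor(ct))
	}
}
```

In library code that sits in a request path, a grep for `log.Fatal`, `log.Fatalf` and `log.Panic` outside of `main` is a quick review check for this class of availability bug.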
