CVE-2024-11148

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 5, 2024
CWE ID 476

Summary

CVE-2024-11148 is a newly disclosed vulnerability affecting OpenBSD's httpd(8) server in versions 7.4 before errata 006 and 7.3 before errata 020. The flaw arises from the server's failure to handle malformed FastCGI requests properly, leading to a NULL pointer dereference. An attacker could potentially exploit this vulnerability by sending a crafted FastCGI request to the server, causing it to crash or, in some cases, gaining unauthorized access. This issue poses a significant risk to systems running the affected OpenBSD versions and should be addressed promptly by applying the relevant errata.
