CVE-2024-46292

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 9, 2024

Updated: Oct 21, 2024

CWE ID 120

Summary

CVE-2024-46292 is an identified buffer overflow vulnerability in modsecurity v3.0.12. This issue permits attackers to trigger a Denial of Service (DoS) condition by submitting specially crafted input to the name parameter. However, the existence and feasibility of this vulnerability are disputed by the supplier due to the requirement of unusually large values of SecRequestBodyNoFilesLimit for exploitation, which may not be supported by the product.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ModSecurity

Affected Vendors

ModSecurity

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/yhnFbo
https://www.cve.org/CVERecord?id=CVE-2024-46292
https://nvd.nist.gov/vuln/detail/CVE-2024-46292

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners