CVE-2023-40586

Summary

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in mime.ParseMediaType. This issue was patched in version 3.0.1.

Affected Software

VendorProductVersion RangeStatus
corazawafcoraza< 3.0.1affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References