CVE-2024-11148

Summary

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.

Affected Software

VendorProductVersion RangeStatus
OpenBSDOpenBSD7.4 < 7.4 errata 006affected
OpenBSDOpenBSD7.4 errata 006unaffected
OpenBSDOpenBSD7.3 < 7.3 errata 020affected
OpenBSDOpenBSD7.3 errata 020unaffected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References