Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 23 Mar 2018 21:50:00 -0500
From: Daniel Ruggeri <>
Subject: CVE-2018-1303: Possible out of bound read in mod_cache_socache

CVE-2018-1303: Possible out of bound read in mod_cache_socache

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.5 to 2.4.29

A specially crafted HTTP request header could have crashed the Apache HTTP
Server prior to version 2.4.30 due to an out of bound read while preparing data
to be cached in shared memory. It could be used as a Denial of Service attack
against users of mod_cache_socache.

All httpd users should upgrade to 2.4.30 or later.

The issue was discovered by Robert Swiecki, bug found by honggfuzz


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.