Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).

Published

2024-10-09T16:15:04.373

Last Modified

2025-06-17T15:49:56.567

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trustwave	modsecurity	3.0.12	Yes

References

https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/README.md Vendor Advisory ([email protected])
https://github.com/yoloflz101/yoloflz/blob/main/README.md Broken Link ([email protected])
https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/ Vendor Advisory ([email protected])