Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server.
This issue affects lua-http: all versions before commit ddab283.
References
Link | Resource |
---|---|
https://cert.pl/posts/2023/09/CVE-2023-4540/ | Patch Third Party Advisory |
https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6 | Patch |
https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/ | Broken Link |
Configurations
History
13 Oct 2023, 01:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/ - Broken Link |
04 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Sep 2023, 16:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:daurnimator:lua-http:0.4:*:*:*:*:lua:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-755 | |
First Time |
Daurnimator
Daurnimator lua-http |
|
References | (MISC) https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6 - Patch | |
References | (MISC) https://cert.pl/posts/2023/09/CVE-2023-4540/ - Patch, Third Party Advisory |
05 Sep 2023, 12:54
Type | Values Removed | Values Added |
---|---|---|
Summary | Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283. | |
References |
|
05 Sep 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-05 08:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4540
Mitre link : CVE-2023-4540
CVE.ORG link : CVE-2023-4540
JSON object : View
Products Affected
daurnimator
- lua-http
CWE
CWE-755
Improper Handling of Exceptional Conditions