CVE-2024-46292

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46292

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46292.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-46292

Aliases

Downstream

UBUNTU-CVE-2024-46292

Published

2024-10-09T16:15:04Z

Modified

2025-07-05T16:52:24.034083Z

Summary

[none]

Details

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).

References

Affected packages

Git / github.com/owasp-modsecurity/modsecurity

Affected ranges

Type: GIT
Repo: https://github.com/owasp-modsecurity/modsecurity
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5f44383236b94ef8066529861d0b4d603f9b3bcb

Affected versions

v2.*

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.9.0

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-rc1

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9