ALPINE-CVE-2020-35452

ALPINE-CVE-2020-35452 PUBLISHED CVSS 7.300000190734863 HIGH

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Alpine:v3.14	apache2	2.4.9-r1, 0, 2.2.16-r0
Alpine:v3.11	apache2	2.4.10-r0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.19	apache2	2.2.17-r5, 2.2.16-r2, 2.4.20-r0
Alpine:v3.15	apache2	2.2.17-r3, 2.4.9-r1, 2.4.9-r0
Alpine:v3.18	apache2	2.4.23-r6, 2.4.23-r7, 2.4.23-r8
Alpine:v3.20	apache2	0, 2.2.16-r0, 2.2.16-r2
Alpine:v3.22	apache2	0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.12	apache2	2.4.23-r4, 2.4.9-r1, 2.4.9-r0
Alpine:v3.21	apache2	2.4.3-r1, 2.4.3-r2, 2.4.33-r0
Alpine:v3.10	apache2	2.4.18-r0, 2.4.18-r1, 2.4.17-r5
Alpine:v3.17	apache2	2.4.3-r0, 2.4.3-r1, 2.4.3-r2
Alpine:v3.23	apache2	0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.13	apache2	0, 2.4.9-r1, 2.4.9-r0
Alpine:v3.16	apache2	0, 2.4.9-r1, 2.4.9-r0

Timeline

Jun 10, 2021 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-35452 advisory

Open in Interactive Console →