DEBIAN-CVE-2020-35452

DEBIAN-CVE-2020-35452 PUBLISHED CVSS 7.300000190734863 HIGH

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Debian:11	apache2	0, 0, 0
Debian:12	apache2	0, 0, 0
Debian:14	apache2	0, 0, 0
Debian:13	apache2	0, 0, 0

Timeline

Jun 10, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-35452 advisory

Open in Interactive Console →