Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.01414
Percentile: 0.79662

CVSS Scoring

Mapped CWE(s)

• CWE-193 : Off-by-one Error

Affected Products

• cpe:2.3:a:pldaniels:altermime:0.1.10:*:*:*:*:*:*:*
• cpe:2.3:a:pldaniels:altermime:0.1.11:*:*:*:*:*:*:*

← Back to Home