CVE-2024-46292
CVSS 3.1 score: 7.5 (HIGH)
EPSS: 0.80%
Description
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
How to fix CVE-2024-46292
To remediate CVE-2024-46292, upgrade the affected package to a fixed version below.
- upgrade to 3.0.13 or later
- no fix listed
Is CVE-2024-46292 being exploited?
Low. The EPSS score is 0.8%, i.e. a low estimated probability of exploitation in the wild.
Affected packages (2)
- >= 3.0.12, < 3.0.13
- >= 3.0.12, <= 3.0.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |