Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Jan 2023 19:06:20 +0000
From: Eric Covener <>
Subject: CVE-2006-20001: Apache HTTP Server: mod_dav out of  bounds read,
 or write of zero byte 

Severity: moderate


A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.



2006-10-31: Described in first edition of "The Art of Software Security Assessment"
2022-08-10: Reported to security team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.