How severe is CVE-2019-16200?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-16200?

This is classified as CWE-681, which is a common weakness in software security.

CVE-2019-16200 - HIGH Severity | CVSS 7.5

Vulnerability Description

GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The problem exists in the http_cgi_write function under http-cgi.c; however, exploitation might show svz_envblock_add in libserveez/passthrough.c as the location of the heap-based buffer over-read.

Related Vulnerabilities

CVE-2015-3406

HIGH

CVSS:7.5(High)

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.

CWE-6812015

CVE-2019-9749

HIGH

CVSS:7.5(High)

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted pack...

CWE-6812019

CVE-2020-6582

HIGH

CVSS:7.5(High)

Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.

CWE-6812020

CVE-2021-27218

HIGH

CVSS:7.5(High)

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated mod...

CWE-6812021

CVE-2021-27219

HIGH

CVSS:7.5(High)

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The ...

CWE-6812021

CVE-2021-27478

HIGH

CVSS:7.5(High)

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.

CWE-6812021