How severe is CVE-2023-24021?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-24021?

This is classified as CWE-170, which is a common weakness in software security.

CVE-2023-24021

HIGH Year: 2023

CVSS v3 Score

7.5

High

Weakness Type

CWE-170

View all →

Vulnerability Description

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

CVE-2019-11044

HIGH

CVSS:7.5(High)

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to...

CWE-1702019

CVE-2022-47515

HIGH

CVSS:7.5(High)

An issue was discovered in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service (daemon crash) via a long message in a TCP request that leads to std::length_error.

CWE-1702022

CVE-2023-36906

HIGH

CVSS:7.5(High)

Windows Cryptographic Services Information Disclosure Vulnerability

CWE-1702023

CVE-2023-36907

HIGH

CVSS:7.5(High)

Windows Cryptographic Services Information Disclosure Vulnerability

CWE-1702023

CVE-2024-31197

HIGH

CVSS:7.5(High)

Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This iss...

CWE-1702024

CVE-2024-43474

HIGH

CVSS:7.5(High)

Microsoft SQL Server Information Disclosure Vulnerability

CWE-1702024

CVE-2023-24021

Vulnerability Description

Related Vulnerabilities

CVE-2019-11044

CVE-2022-47515

CVE-2023-36906

CVE-2023-36907

CVE-2024-31197

CVE-2024-43474