Red Hat: CVE-2006-20001: out-of-bounds read/write of zero byte (Multiple Advisories)

Red Hat: CVE-2006-20001: out-of-bounds read/write of zero byte (Multiple Advisories)

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

01/17/2023

Created

02/22/2023

Added

02/22/2023

Modified

01/28/2025

Description

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

Solution(s)

• redhat-upgrade-httpd
• redhat-upgrade-httpd-core
• redhat-upgrade-httpd-core-debuginfo
• redhat-upgrade-httpd-debuginfo
• redhat-upgrade-httpd-debugsource
• redhat-upgrade-httpd-devel
• redhat-upgrade-httpd-filesystem
• redhat-upgrade-httpd-manual
• redhat-upgrade-httpd-tools
• redhat-upgrade-httpd-tools-debuginfo
• redhat-upgrade-mod_http2
• redhat-upgrade-mod_http2-debuginfo
• redhat-upgrade-mod_http2-debugsource
• redhat-upgrade-mod_ldap
• redhat-upgrade-mod_ldap-debuginfo
• redhat-upgrade-mod_lua
• redhat-upgrade-mod_lua-debuginfo
• redhat-upgrade-mod_md
• redhat-upgrade-mod_md-debuginfo
• redhat-upgrade-mod_md-debugsource
• redhat-upgrade-mod_proxy_html
• redhat-upgrade-mod_proxy_html-debuginfo
• redhat-upgrade-mod_session
• redhat-upgrade-mod_session-debuginfo
• redhat-upgrade-mod_ssl
• redhat-upgrade-mod_ssl-debuginfo

References

• CVE-2006-20001
• RHSA-2023:0852
• RHSA-2023:0970