CVE-2023-46586

CRITICAL9.1EPSS 0.41%
Published: 10/9/2024Modified: 4/28/2026
Also known as:DEBIAN-CVE-2023-46586

Description

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1CRITICAL9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References (1)