CVE-2024-11148 Information

Description

In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020 httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request.

Reference

https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig url https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/006_httpd.patch.sig url