How severe is CVE-2019-5096?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-5096?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2019-5096

CRITICAL Year: 2019

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-416

View all →

Vulnerability Description

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.

CVE-2008-5038

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of serv...

CWE-4162008

CVE-2010-2941

CRITICAL

CVSS:9.8(Critical)

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-fr...

CWE-4162010

CVE-2010-4197

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have un...

CWE-4162010

CVE-2010-4201

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control select...

CWE-4162010

CVE-2013-5613

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows r...

CWE-4162013

CVE-2013-5616

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23...

CWE-4162013

CVE-2019-5096

Vulnerability Description

Related Vulnerabilities

CVE-2008-5038

CVE-2010-2941

CVE-2010-4197

CVE-2010-4201

CVE-2013-5613

CVE-2013-5616