Is CVE-2020-35452 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though som…

EPSS: 0.532 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.46, 2.4.43, 2.4.41

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cb… (x_refsource_MISC)
[httpd-announce] 20210609 CVE-2020-35452: mod_auth_digest possible stack overflow by one nul byte (mailing-list, x_refsource_MLIST)
[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json (mailing-list, x_refsource_MLIST)
[oss-security] 20210609 CVE-2020-35452: Apache httpd: mod_auth_digest possible stack overflow by one nul byte (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update (mailing-list, x_refsource_MLIST)
DSA-4937 (vendor-advisory, x_refsource_DEBIAN)
GLSA-202107-38 (vendor-advisory, x_refsource_GENTOO)
FEDORA-2021-dce7e7738e (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-e3f6dd670d (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2020-35452?: CVE-2020-35452 is a vulnerability in Apache Software Foundation Http Server. Published 2021-06-10.
Is CVE-2020-35452 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.