QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4540

Published: Sep 5, 2023

Modified: Apr 4, 2025

PUBLISHED

Description

Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. Such a request causes the program to enter an infinite loop. This issue affects lua-http: all versions before commit ddab283.

Vendor	Product	Versions
Daurnimator	lua-http	affected `0 - < commit ddab283`

Weaknesses (CWE)

References

https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6

patch

https://cert.pl/posts/2023/09/CVE-2023-4540/

third-party-advisory

https://cert.pl/en/posts/2023/09/CVE-2023-4540/

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.