Vulnerability Development mailing list archives

Are NULL pointer deref a security problem ?

From: Nicolas Gregoire <ngregoire () exaprobe com>
Date: Fri, 07 Dec 2001 12:53:53 +0100

From http://www.apache.org/dist/httpd/CHANGES_1.3 :


8< -------------------------------------------------------------------------------------------

Changes with Apache 1.3.21

[snip]

  *) ErrorDocument 404 pointing to a parsed html file with a
     <!--#include virtual="file" --> with a request URI containing
     %2f would result in a segfault (NULL pointer deref, not a
     security problem).  [Jeff Moe <tux () themoes org>, Dean Gaudet] PR#8362

8< -------------------------------------------------------------------------------------------

Nicolas Grégoire

Current thread:

Are NULL pointer deref a security problem ? Nicolas Gregoire (Dec 07)
- <Possible follow-ups>
- Re: Are NULL pointer deref a security problem ? zeno (Dec 07)
- Fwd: re: Are NULL pointer deref a security problem ? Nicolas Gregoire (Dec 11)