Skip to main content

Hydra CVE-2019-17502

HIGH
NULL Pointer Dereference (CWE-476)
2019-10-12 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 12, 2019 - 20:15 nvd
HIGH 7.5

DescriptionNVD

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer.

AnalysisAI

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer. Affected products include: Hydra Project Hydra. Version information: through 0.1.8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Hydra

View all
CVE-2023-38701 CRITICAL POC
9.1 Oct 04

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remot

CVE-2023-42449 HIGH POC
8.1 Oct 04

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2019-8400 MEDIUM POC
6.1 Feb 17

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium

CVE-2023-42448 HIGH
8.1 Oct 04

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2024-45049 HIGH
7.5 Aug 27

Hydra is a Continuous Integration service for Nix based projects. Rated high severity (CVSS 7.5), this vulnerability is

CVE-2023-42806 MEDIUM
6.5 Sep 21

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotel

CVE-2024-32657 MEDIUM
5.4 Apr 22

Hydra is a Continuous Integration service for Nix based projects. Rated medium severity (CVSS 5.4), this vulnerability i

CVE-2020-5300 MEDIUM
5.3 Apr 06

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17,

CVE-2025-32435 LOW
2.6 Apr 15

Hydra is a Continuous Integration service for Nix based projects. Rated low severity (CVSS 2.6), this vulnerability is r

CVE-2025-54864 MEDIUM
6.9 Aug 12

Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability i

CVE-2025-54800 HIGH
7.1 Aug 12

Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1), this vulnerability is

Share

CVE-2019-17502 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy