Skip to main content

Uncaught Exception

CVE-2014-4179

Severity High
Score 7.5/10

Summary

Yar prior to 2.2.0 is affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

Advisory Timeline

  • Published