Uncaught Exception
CVE-2014-4179
Summary
Yar prior to 2.2.0 is affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-248 - Uncaught Exception
An exception is thrown from a function, but it is not caught.
References
Advisory Timeline
- Published