{"id":"CVE-2016-2146","details":"The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.","modified":"2026-03-15T22:05:35.480482Z","published":"2016-04-15T14:59:12.083Z","references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"},{"type":"WEB","url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"},{"type":"FIX","url":"https://github.com/UNINETT/mod_auth_mellon/pull/71"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uninett/mod_auth_mellon","events":[{"introduced":"0"},{"last_affected":"cee415cfe12655dd0b511442bf96e36e8c07364d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11.0"}]}}],"versions":["v0.10.0","v0.11.0","v0.4.0","v0.5.0","v0.6.0","v0.6.0-rc1","v0.6.1","v0.7.0","v0.8.0","v0.9.0","v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2146.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"23"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}