{"id":"CVE-2016-2146","details":"The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.","modified":"2026-04-11T12:01:04.361822Z","published":"2016-04-15T14:59:12.083Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"23"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"},{"type":"WEB","url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"},{"type":"FIX","url":"https://github.com/UNINETT/mod_auth_mellon/pull/71"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/uninett/mod_auth_mellon","events":[{"introduced":"0"},{"last_affected":"cee415cfe12655dd0b511442bf96e36e8c07364d"}],"database_specific":{"cpe":"cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.11.0"}],"source":"CPE_FIELD"}}],"versions":["v0.10.0","v0.11.0","v0.4.0","v0.5.0","v0.6.0","v0.6.0-rc1","v0.6.1","v0.7.0","v0.8.0","v0.9.0","v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2146.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}