The vulnerability is caused due to a NULL pointer dereference error when handling errors and can be exploited to cause the process to crash via e.g. a large HTTP "Content-Length" header value.

 

Details