Monkey HTTP Server NULL Pointer Dereference Vulnerability in Range Parsing Function Allowing Denial-of-Service

A NULL pointer dereference vulnerability has been identified in the Monkey HTTP Server, specifically in the mk_http_range_parse function within mk_server/mk_http.c, all versions prior to the latest commit f37e984. This vulnerability allows attackers to cause a Denial of Service (DoS) by sending a crafted HTTP request that exploits the range parsing logic. The issue arises when the 'Range' header is manipulated to create a condition where the parser dereferences a null pointer, leading to a segmentation fault and crashing the server.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a Denial of Service condition where the server crashes and becomes unresponsive.

Reproduction

To reproduce this vulnerability, send an HTTP request to the Monkey HTTP Server with a 'Range' header that starts with 'bytes', followed by a null character, and then includes a dash and an equal sign, with the dash positioned before the equal sign. This crafted range value will trigger the NULL pointer dereference in the mk_http_range_parse function, causing the server to crash.