CVE-2023-27371 – libmicrohttpd: remote DoS
https://notcve.org/view.php?id=CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service. • https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238 https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html https://access.redhat.com/security/cve/CVE-2023-27371 https://bugzilla.redhat.com/show_bug.cgi?id=2174313 • CWE-125: Out-of-bounds Read •
CVE-2021-3466
https://notcve.org/view.php?id=CVE-2021-3466
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Se ha encontrado un fallo en libmicrohttpd. • https://bugzilla.redhat.com/show_bug.cgi?id=1939127 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG https://security.gentoo.org/glsa/202311-08 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2013-7038
https://notcve.org/view.php?id=CVE-2013-7038
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. La función MHD_http_unescape en libmicrohttpd anterior a 0.9.32 podría permitir a un atacante remoto obtener información sensible o causar una denegación de servicio (caída) a través de vectores no especificados que provoquen lecturas fuera de rango • http://secunia.com/advisories/55903 http://security.gentoo.org/glsa/glsa-201402-01.xml http://www.openwall.com/lists/oss-security/2013/12/09/11 http://www.securityfocus.com/bid/64138 https://bugs.gentoo.org/show_bug.cgi?id=493450 https://bugzilla.redhat.com/show_bug.cgi?id=1039384 https://gnunet.org/svn/libmicrohttpd/ChangeLog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-7039
https://notcve.org/view.php?id=CVE-2013-7039
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. Desbordamiento de búfer basado en pila en la función MHD_digest_auth_check en libmicrohttpd anterior a 0.9.32, cuando MHD_OPTION_CONNECTION_MEMORY_LIMIT se establece en un valor grande, lo que permite a atacantes remotos provocar una denegación de servicio (caída) o posibilitar ejecutar código arbitrario a través de una URI muy larga en una cabecera de autenticación • http://secunia.com/advisories/55903 http://security.gentoo.org/glsa/glsa-201402-01.xml http://www.openwall.com/lists/oss-security/2013/12/09/11 http://www.securityfocus.com/bid/64138 https://bugs.gentoo.org/show_bug.cgi?id=493450 https://bugzilla.redhat.com/show_bug.cgi?id=1039390 https://gnunet.org/svn/libmicrohttpd/ChangeLog • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •