CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27371 – libmicrohttpd: remote DoS
https://notcve.org/view.php?id=CVE-2023-27371
28 Feb 2023 — GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. An out-of-bounds flaw was found in GNU's libmicrohttp... • https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3466 – Gentoo Linux Security Advisory 202311-08
https://notcve.org/view.php?id=CVE-2021-3466
25 Mar 2021 — A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Se ha encontrado un fallo en libmicrohttpd. • https://bugzilla.redhat.com/show_bug.cgi?id=1939127 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-7038 – Gentoo Linux Security Advisory 201402-01
https://notcve.org/view.php?id=CVE-2013-7038
13 Dec 2013 — The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. La función MHD_http_unescape en libmicrohttpd anterior a 0.9.32 podría permitir a un atacante remoto obtener información sensible o causar una denegación de servicio (caída) a través de vectores no especificados que provoquen lecturas fuera de rango Multiple vulnerabilities have been found i... • http://secunia.com/advisories/55903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0CVE-2013-7039 – Gentoo Linux Security Advisory 201402-01
https://notcve.org/view.php?id=CVE-2013-7039
13 Dec 2013 — Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. Desbordamiento de búfer basado en pila en la función MHD_digest_auth_check en libmicrohttpd anterior a 0.9.32, cuando MHD_OPTION_CONNECTION_MEMORY_LIMIT se establece en un valor grande, lo que permite a atacan... • http://secunia.com/advisories/55903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •