CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27371 – libmicrohttpd: remote DoS
https://notcve.org/view.php?id=CVE-2023-27371
28 Feb 2023 — GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. An out-of-bounds flaw was found in GNU's libmicrohttp... • https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-7038 – Gentoo Linux Security Advisory 201402-01
https://notcve.org/view.php?id=CVE-2013-7038
13 Dec 2013 — The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. La función MHD_http_unescape en libmicrohttpd anterior a 0.9.32 podría permitir a un atacante remoto obtener información sensible o causar una denegación de servicio (caída) a través de vectores no especificados que provoquen lecturas fuera de rango Multiple vulnerabilities have been found i... • http://secunia.com/advisories/55903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0CVE-2013-7039 – Gentoo Linux Security Advisory 201402-01
https://notcve.org/view.php?id=CVE-2013-7039
13 Dec 2013 — Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. Desbordamiento de búfer basado en pila en la función MHD_digest_auth_check en libmicrohttpd anterior a 0.9.32, cuando MHD_OPTION_CONNECTION_MEMORY_LIMIT se establece en un valor grande, lo que permite a atacan... • http://secunia.com/advisories/55903 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •