CVE-2023-27371 – libmicrohttpd: remote DoS
https://notcve.org/view.php?id=CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service. • https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238 https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html https://access.redhat.com/security/cve/CVE-2023-27371 https://bugzilla.redhat.com/show_bug.cgi?id=2174313 • CWE-125: Out-of-bounds Read •
CVE-2021-3466
https://notcve.org/view.php?id=CVE-2021-3466
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. Se ha encontrado un fallo en libmicrohttpd. • https://bugzilla.redhat.com/show_bug.cgi?id=1939127 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG https://security.gentoo.org/glsa/202311-08 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •