CVE-2013-7038
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
La función MHD_http_unescape en libmicrohttpd anterior a 0.9.32 podría permitir a un atacante remoto obtener información sensible o causar una denegación de servicio (caída) a través de vectores no especificados que provoquen lecturas fuera de rango
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-12-09 CVE Reserved
- 2013-12-13 CVE Published
- 2023-07-26 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/55903 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2013/12/09/11 | Mailing List |
|
| http://www.securityfocus.com/bid/64138 | Vdb Entry | |
| https://bugs.gentoo.org/show_bug.cgi?id=493450 | X_refsource_confirm | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1039384 | X_refsource_confirm | |
| https://gnunet.org/svn/libmicrohttpd/ChangeLog | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-201402-01.xml | 2014-02-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | <= 0.9.31 Search vendor "Gnu" for product "Libmicrohttpd" and version " <= 0.9.31" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.16 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.16" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.17 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.17" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.18 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.18" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.19 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.19" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.20 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.20" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.21 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.21" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.22 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.22" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.23 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.23" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.24 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.24" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.25 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.25" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.26 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.26" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.27 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.27" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.28 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.28" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.29 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.29" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Libmicrohttpd Search vendor "Gnu" for product "Libmicrohttpd" | 0.9.30 Search vendor "Gnu" for product "Libmicrohttpd" and version "0.9.30" | - |
Affected
| ||||||