Vulnerabilities related to gnu - libmicrohttpd
Vulnerability from fkie_nvd
Published
2021-03-25 19:15
Modified
2024-11-21 06:21
Severity ?
Summary
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "B308F982-C810-45E2-8178-DB29F9AA839D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en libmicrohttpd. Una comprobaci\u00f3n de l\u00edmites ausente en la funci\u00f3n post_process_urlencoded conduce a un desbordamiento del b\u00fafer, lo que permite a un atacante remoto escribir datos arbitrarios en una aplicaci\u00f3n que utilice libmicrohttpd. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema. S\u00f3lo la versi\u00f3n 0.9.70 es vulnerable"
    }
  ],
  "id": "CVE-2021-3466",
  "lastModified": "2024-11-21T06:21:36.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-25T19:15:15.297",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939127"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/202311-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202311-08"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-28 20:15
Modified
2024-11-21 07:52
Summary
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Impacted products
Vendor Product Version
gnu libmicrohttpd *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAC21CC-DA9B-4D96-A7F3-A5992C3D5537",
              "versionEndExcluding": "0.9.76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more \u0027\\0\u0027 bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function."
    }
  ],
  "id": "CVE-2023-27371",
  "lastModified": "2024-11-21T07:52:46.460",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-28T20:15:10.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-13 18:55
Modified
2024-11-21 02:00
Severity ?
Summary
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3F576D-E209-4442-84A0-F5720C0670B9",
              "versionEndIncluding": "0.9.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "79204833-B005-4AEA-86FF-51DCC291C68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6946AFC5-A1ED-4804-B0D5-FD954D299EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0899B1B-7E70-41A5-B73E-BA1DBA2320C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA9A39A-8223-495B-9A8E-653221E679A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2288EFBB-0EAC-464A-90C0-890D4493A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2893E9E6-986B-422F-BBE6-CD6B07A50B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6F1BC7-9ED0-4654-9C44-325DCEEF83AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AE4C2E-74F1-4ECA-A45D-6F4C5E3BA652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A81F22-4EA6-4316-AE28-622249DC2501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "EACB49FA-01C7-468E-A008-9E1B0CFCDF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD84B3-E569-4F0D-85AE-5E503C3974A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F1581D-19AC-4D63-AEC4-EFBB591C8C34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB70D1A6-65E1-49E0-88C0-8D57B1EF09C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "362BC925-46F3-40B5-A430-C6766FA8999B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "33116DFB-667F-4494-970F-DF713AEC9466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n MHD_http_unescape en libmicrohttpd anterior a  0.9.32 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores no especificados que provoquen  lecturas fuera de rango"
    }
  ],
  "id": "CVE-2013-7038",
  "lastModified": "2024-11-21T02:00:13.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-13T18:55:05.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/55903"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64138"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-12-13 18:55
Modified
2024-11-21 02:00
Severity ?
Summary
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3F576D-E209-4442-84A0-F5720C0670B9",
              "versionEndIncluding": "0.9.31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "79204833-B005-4AEA-86FF-51DCC291C68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6946AFC5-A1ED-4804-B0D5-FD954D299EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0899B1B-7E70-41A5-B73E-BA1DBA2320C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BA9A39A-8223-495B-9A8E-653221E679A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2288EFBB-0EAC-464A-90C0-890D4493A9B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2893E9E6-986B-422F-BBE6-CD6B07A50B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6F1BC7-9ED0-4654-9C44-325DCEEF83AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "89AE4C2E-74F1-4ECA-A45D-6F4C5E3BA652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A81F22-4EA6-4316-AE28-622249DC2501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "EACB49FA-01C7-468E-A008-9E1B0CFCDF03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD84B3-E569-4F0D-85AE-5E503C3974A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F1581D-19AC-4D63-AEC4-EFBB591C8C34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB70D1A6-65E1-49E0-88C0-8D57B1EF09C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "362BC925-46F3-40B5-A430-C6766FA8999B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:libmicrohttpd:0.9.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "33116DFB-667F-4494-970F-DF713AEC9466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n MHD_digest_auth_check en libmicrohttpd anterior a  0.9.32, cuando MHD_OPTION_CONNECTION_MEMORY_LIMIT se establece en un valor grande, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posibilitar  ejecutar c\u00f3digo arbitrario a trav\u00e9s de una  URI muy larga en  una cabecera de autenticaci\u00f3n"
    }
  ],
  "id": "CVE-2013-7039",
  "lastModified": "2024-11-21T02:00:13.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-13T18:55:05.787",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55903"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64138"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-3466
Vulnerability from cvelistv5
Published
2021-03-25 00:00
Modified
2024-08-03 16:53
Severity ?
Summary
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Impacted products
Vendor Product Version
n/a libmicrohttpd Version: libmicrohttpd 0.9.70


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939127"
          },
          {
            "name": "FEDORA-2021-6d5578e756",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/"
          },
          {
            "name": "FEDORA-2021-d4149ff7fb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/"
          },
          {
            "name": "FEDORA-2021-5e10ad8c19",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/"
          },
          {
            "name": "GLSA-202311-08",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-08"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libmicrohttpd",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libmicrohttpd 0.9.70"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T09:06:21.527775",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939127"
        },
        {
          "name": "FEDORA-2021-6d5578e756",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/"
        },
        {
          "name": "FEDORA-2021-d4149ff7fb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/"
        },
        {
          "name": "FEDORA-2021-5e10ad8c19",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/"
        },
        {
          "name": "GLSA-202311-08",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-08"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3466",
    "datePublished": "2021-03-25T00:00:00",
    "dateReserved": "2021-03-24T00:00:00",
    "dateUpdated": "2024-08-03T16:53:17.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7038
Vulnerability from cvelistv5
Published
2013-12-13 17:00
Modified
2024-08-06 17:53
Severity ?
Summary
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:46.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "64138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384"
          },
          {
            "name": "GLSA-201402-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
          },
          {
            "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
          },
          {
            "name": "55903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-19T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "64138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384"
        },
        {
          "name": "GLSA-201402-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
        },
        {
          "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
        },
        {
          "name": "55903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "64138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64138"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=493450",
              "refsource": "CONFIRM",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039384"
            },
            {
              "name": "GLSA-201402-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
            },
            {
              "name": "https://gnunet.org/svn/libmicrohttpd/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
            },
            {
              "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
            },
            {
              "name": "55903",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7038",
    "datePublished": "2013-12-13T17:00:00",
    "dateReserved": "2013-12-09T00:00:00",
    "dateUpdated": "2024-08-06T17:53:46.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27371
Vulnerability from cvelistv5
Published
2023-02-28 00:00
Modified
2024-08-02 12:09
Summary
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.349Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230330 [SECURITY] [DLA 3374-1] libmicrohttpd security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more \u0027\\0\u0027 bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238"
        },
        {
          "url": "https://github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd"
        },
        {
          "url": "https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230330 [SECURITY] [DLA 3374-1] libmicrohttpd security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00029.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-27371",
    "datePublished": "2023-02-28T00:00:00",
    "dateReserved": "2023-02-28T00:00:00",
    "dateUpdated": "2024-08-02T12:09:43.349Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-7039
Vulnerability from cvelistv5
Published
2013-12-13 17:00
Modified
2024-08-06 17:53
Severity ?
Summary
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:46.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
          },
          {
            "name": "64138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
          },
          {
            "name": "GLSA-201402-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
          },
          {
            "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
          },
          {
            "name": "55903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-19T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
        },
        {
          "name": "64138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
        },
        {
          "name": "GLSA-201402-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
        },
        {
          "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
        },
        {
          "name": "55903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55903"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
            },
            {
              "name": "64138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64138"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=493450",
              "refsource": "CONFIRM",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
            },
            {
              "name": "GLSA-201402-01",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
            },
            {
              "name": "https://gnunet.org/svn/libmicrohttpd/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
            },
            {
              "name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
            },
            {
              "name": "55903",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55903"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7039",
    "datePublished": "2013-12-13T17:00:00",
    "dateReserved": "2013-12-09T00:00:00",
    "dateUpdated": "2024-08-06T17:53:46.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}