Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:gnu:libmicrohttpd:0.9.23:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-27371 |
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. Published: February 28, 2023; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2013-7039 |
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. Published: December 13, 2013; 1:55:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2013-7038 |
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. Published: December 13, 2013; 1:55:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |