INFSA-2023:6566: libmicrohttpd security update
Information about definition
Identifier: INFSA-2023:6566
Type: security
Release date: 2025-03-05 17:27:14 UTC
Information about package
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application.
Vulnerabilities description
- CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() function in postprocessor.c. An attacker can remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function.
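A defensive sketch of the input handling this CVE concerns, added here as an example and not taken from libmicrohttpd or its fix: it treats the boundary as a length-delimited buffer, rejects NUL bytes and anything outside the RFC 2046 boundary character set, and searches the body with explicit bounds. The function names `boundary_is_valid` and `find_boundary_bounded` and the sample inputs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 2046: a boundary is 1..70 "bchars" and must not end in a space. */
#define BOUNDARY_MAX 70

static int is_bchar(unsigned char c) {
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'))
        return 1;
    /* strchr() matches the terminator when c == 0, so exclude NUL explicitly. */
    return c != '\0' && strchr("'()+_,-./:=? ", c) != NULL;
}

/* Hypothetical helper: 1 if the length-delimited boundary is acceptable.
 * The caller passes the length taken from the header parser, never strlen(),
 * so an embedded '\0' cannot make the two lengths disagree. */
int boundary_is_valid(const char *b, size_t len) {
    if (b == NULL || len == 0 || len > BOUNDARY_MAX)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!is_bchar((unsigned char)b[i]))
            return 0;
    return b[len - 1] != ' ';
}

/* Hypothetical helper: offset of "--" + boundary in buf[0..buf_len), or -1.
 * Every comparison stays inside buf_len. */
long find_boundary_bounded(const char *buf, size_t buf_len,
                           const char *b, size_t blen) {
    if (buf == NULL || !boundary_is_valid(b, blen) || buf_len < blen + 2)
        return -1;
    for (size_t i = 0; i + blen + 2 <= buf_len; i++)
        if (buf[i] == '-' && buf[i + 1] == '-' &&
            memcmp(buf + i + 2, b, blen) == 0)
            return (long)i;
    return -1;
}

int main(void) {
    /* Constructed sample inputs. */
    static const char body[] = "xx--abc123\r\n";
    printf("valid=%d nul=%d offset=%ld\n",
           boundary_is_valid("abc123", 6),
           boundary_is_valid("ab\0cd", 5),
           find_boundary_bounded(body, sizeof body - 1, "abc123", 6));
    return 0;
}
```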
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2023-27371 | no information | 5.9 | no information |
Updated packages