Security Advisory 2020-01-13-1 - uhttpd invalid data access via HTTP POST request (CVE-2019-19945)
DESCRIPTION An invalid data access can be triggered with an HTTP POST request to a CGI script specifying both Transfer-Encoding: chunked and a large Content-Length which exceeds 2^31 and is interpreted as a signed negative number. The negative content length is assigned to r→contentlength in...