6 matches found
CVE-2021-3466
CVE-2021-3466 affects libmicrohttpd prior to 0.9.71. Root cause: a missing bounds check in post_process_urlencoded can trigger a buffer overflow, allowing a remote attacker to write arbitrary data in apps using libmicrohttpd. Impact per sources: high risk to confidentiality, integrity, and availa...
CVE-2023-27371
Summary: CVE-2023-27371 affects GNU libmicrohttpd prior to 0.9.76. The vulnerability arises from improper parsing of multipart/form-data boundaries in postprocessor.c MHD_create_post_processor(), enabling a remote attacker to send a crafted HTTP POST containing one or more '\0' bytes in the bound...
CVE-2013-7039
CVE-2013-7039 affects libmicrohttpd up to 0.9.32, where a stack-based buffer overflow in MHD_digest_auth_check (triggered when MHD_OPTION_CONNECTION_MEMORY_LIMIT is large) can cause a crash or potentially allow remote code execution via a long URI in an authentication header. Public responses in ...
CVE-2013-7038
CVE-2013-7038 affects libmicrohttpd versions prior to 0.9.32. The MHD_http_unescape function may trigger an out-of-bounds read, allowing remote attackers to obtain sensitive information and/or cause a denial of service (crash). Several advisories (openSUSE/SUSE/Mageia/OpenVAS listings) indic...
CVE-2025-59777
CVE-2025-59777 affects GNU libmicrohttpd up to v1.0.2, with a NULL pointer dereference that can be triggered by a crafted network packet, leading to a DoS. The fix was applied after v1.0.2 (commit ff13abc on the master branch). Multiple connected advisories note affected SUSE/openSUSE packages an...
CVE-2025-62689
CVE-2025-62689 affects GNU libmicrohttpd up to version 1.0.2. The root cause is a NULL pointer dereference and related heap-based overflow triggered by specially crafted packets, leading to DoS. The fix was committed (ff13abc) after the v1.0.2 tag in the libmicrohttpd repository. Co...