Libmicrohttpd@* Security Vulnerabilities and Issues — Libmicrohttpd@* CVE List

GnuLibmicrohttpd*

3 matches found

CVE•added 2023/02/28 12:0 a.m.•103 views

CVE-2023-27371

Summary: CVE-2023-27371 affects GNU libmicrohttpd prior to 0.9.76. The vulnerability arises from improper parsing of multipart/form-data boundaries in postprocessor.c MHD_create_post_processor(), enabling a remote attacker to send a crafted HTTP POST containing one or more '\0' bytes in the bound...

5.9CVSS5.7AI score0.00074EPSS

CVE•added 2025/11/10 4:10 a.m.•10 views

CVE-2025-59777

CVE-2025-59777 affects GNU libmicrohttpd up to v1.0.2, with a NULL pointer dereference that can be triggered by a crafted network packet, leading to a DoS. The fix was applied after v1.0.2 (commit ff13abc on the master branch). Multiple connected advisories note affected SUSE/openSUSE packages an...

8.7CVSS6.4AI score0.00036EPSS

CVE•added 2025/11/10 4:10 a.m.•9 views

CVE-2025-62689

CVE-2025-62689 affects GNU Libmicrohttpd up to version 1.0.2 (and earlier). The root cause is a NULL pointer dereference and related heap-based overflow triggered by specially crafted packets, leading to DoS. The fix was committed (ff13abc) after the v1.0.2 tag in the libmicrohttpd repository. Co...

8.7CVSS6.4AI score0.00036EPSS