CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 23.5%

libmicrohttpd.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to improper boundary checks in the `MHD_create_post_processor` function of `postprocessor.c`, which allows an attacker to send a malicious HTTP POST packet that includes one or more `\0` bytes in a multipart/form-data boundary field, resulting in an out-of-bounds read and a crash in the `find_boundary` function.
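
A defensive pre-check for the condition described above, as an added example (not code from libmicrohttpd and not the upstream fix): it validates the boundary parameter of a raw Content-Type value against the RFC 2046 boundary grammar and rejects NUL bytes. The function name `check_multipart_boundary` and its `(buf, len)` interface are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* RFC 2046 bchars: alphanumerics plus '()+_,-./:=? and space. */
static int is_bchar(unsigned char c)
{
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'))
        return 1;
    return c != '\0' && strchr("'()+_,-./:=? ", c) != NULL;
}

/* Hypothetical helper, not part of libmicrohttpd. The Content-Type value is
 * passed as (buf, len) rather than as a C string, so an embedded NUL byte is
 * seen instead of silently ending the string.
 * Returns the boundary length (1..70), or -1 if the request must be rejected. */
int check_multipart_boundary(const char *buf, size_t len)
{
    static const char key[] = "boundary=";
    const size_t klen = sizeof(key) - 1;
    size_t i, start, end;

    if (memchr(buf, '\0', len) != NULL)
        return -1;                       /* NUL is never valid in a header value */
    for (i = 0; i + klen <= len; i++)
        if (strncasecmp(buf + i, key, klen) == 0)
            break;
    if (i + klen > len)
        return -1;                       /* no boundary parameter present */
    start = i + klen;
    end = start;
    if (start < len && buf[start] == '"') {          /* quoted form */
        start++;
        for (end = start; end < len && buf[end] != '"'; end++) ;
        if (end == len) return -1;       /* unterminated quote */
    } else {                             /* token form ends at ';' or blank */
        while (end < len && buf[end] != ';' && buf[end] != ' ' && buf[end] != '\t')
            end++;
    }
    if (end == start || end - start > 70 || buf[end - 1] == ' ')
        return -1;                       /* empty, too long, or trailing space */
    for (i = start; i < end; i++)
        if (!is_bchar((unsigned char)buf[i]))
            return -1;
    return (int)(end - start);
}
```

Such a check belongs in a reverse proxy or request filter in front of an unpatched server; it does not replace updating the library.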

CPE

Name | Operator | Version |
---|---|---|
libmicrohttpd.so | le | 12.58.0 |

git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238
github.com/0xhebi/CVEs/blob/main/GNU%20Libmicrohttpd/CVE-2023-27371.md
github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd
github.com/advisories/GHSA-x2hm-ghg4-c67m
gitlab.com/libmicrohttpd/libmicrohttpd/-/commit/e0754d1638c602382384f1eface30854b1defeec
lists.debian.org/debian-lts-announce/2023/03/msg00029.html
lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html