Veracode Vulnerability DatabaseVERACODE:39484Denial Of Service (DoS)
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.5%
libmicrohttpd.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the improper boundary checks in the MHD_create_post_processor function of postprocessor.c, which allows an attacker to send a malicious HTTP POST packet that includes one or more \0 bytes in a multipart/form-data boundary field, resulting in an out-of-bounds read and a crash in the find_boundary function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libmicrohttpd.so | le | 12.58.0 | |
| libmicrohttpd.so | le | 12.58.0 |
References
git.gnunet.org/libmicrohttpd.git/commit/?id=6d6846e20bfdf4b3eb1b592c97520a532f724238
github.com/0xhebi/CVEs/blob/main/GNU%20Libmicrohttpd/CVE-2023-27371.md
github.com/0xhebi/CVEs/tree/main/GNU%20Libmicrohttpd
github.com/advisories/GHSA-x2hm-ghg4-c67m
gitlab.com/libmicrohttpd/libmicrohttpd/-/commit/e0754d1638c602382384f1eface30854b1defeec
lists.debian.org/debian-lts-announce/2023/03/msg00029.html
lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
23.5%