GNU Libmicrohttpd
By the Year
In 2024 there have been 0 vulnerabilities in GNU Libmicrohttpd . Last year Libmicrohttpd had 1 security vulnerability published. Right now, Libmicrohttpd is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 5.90 |
2022 | 0 | 0.00 |
2021 | 1 | 9.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Libmicrohttpd vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Libmicrohttpd Security Vulnerabilities
GNU libmicrohttpd before 0.9.76
CVE-2023-27371
5.9 - Medium
- February 28, 2023
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
Out-of-bounds Read
A flaw was found in libmicrohttpd
CVE-2021-3466
9.8 - Critical
- March 25, 2021
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Classic Buffer Overflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNU Libmicrohttpd or by GNU? Click the Watch button to subscribe.