CVE-2021-3466: Buffer overflow issue in URL parser in the post_process_urlencoded function
A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Bug 1939127 (CVE-2021-3466) - CVE-2021-3466 libmicrohttpd: Buffer overflow issue in URL parser in the post_process_urlencoded function
Summary: CVE-2021-3466 libmicrohttpd: Buffer overflow issue in URL parser in the post_…
Status: CLOSED NOTABUG
Alias: CVE-2021-3466
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Assignee: Red Hat Product Security
Depends On: 1939128 1939129
Blocks: 1939130 1942701
Reported: 2021-03-15 16:52 UTC by Pedro Sampaio
Modified: 2021-06-23 09:09 UTC
CC List: 5 users
Fixed In Version: libmicrohttpd 0.9.71
Doc Text: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Last Closed: 2021-03-23 17:35:48 UTC