Headline
CVE-2023-27371: CVEs/GNU Libmicrohttpd at main · 0xhebi/CVEs
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Related news
Red Hat Security Advisory 2023-7090-01 - An update for libmicrohttpd is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.