CVE-2023-27371

Published: 28/02/2023 Updated: 31/03/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

GNU libmicrohttpd prior to 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows a malicious user to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Vulnerable Product

gnu libmicrohttpd

Vendor Advisories

Synopsis: Moderate: libmicrohttpd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libmicrohttpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: libmicrohttpd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libmicrohttpd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: libmicrohttpd security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libmicrohttpd is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Securit ...
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assumin ...
Description: The MITRE CVE dictionary describes this issue as: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' b ...