Remote Code Execution Risk in libmicrohttpd Affecting Multiple Versions by The Free Software Foundation
CVE-2013-7038

Currently unrated

Key Information:

Vendor: Gnu
Status: LIBMicrohttpd
Vendor: CVE Published:; 13 December 2013

Summary

The MHD_http_unescape function in libmicrohttpd, prior to version 0.9.32, can be exploited by remote attackers to access sensitive information or trigger a denial of service through out-of-bounds read vulnerabilities. This flaw could potentially compromise application integrity and affect user operations.

References

http://www.securityfocus.com/bid/64138

vdb-entryx_refsource_BID

https://bugs.gentoo.org/show_bug.cgi?id=493450

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1039384

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 13, 2013
Vulnerability Reserved
Dec 9, 2013