Stack-Based Buffer Overflow in libmicrohttpd Affects Remote Authentication
CVE-2013-7039

Currently unrated

Key Information:

Vendor: Gnu
Status: LIBMicrohttpd
Vendor: CVE Published:; 13 December 2013

Summary

A stack-based buffer overflow vulnerability exists in the MHD_digest_auth_check function of libmicrohttpd prior to version 0.9.32. This flaw is triggered when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to an excessively large value, leading to the potential for remote attackers to exploit it by sending a crafted long URI in an authentication header. Consequently, this could result in a denial of service by crashing the application or potentially allowing unauthorized remote code execution.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1039390

x_refsource_CONFIRM

http://www.securityfocus.com/bid/64138

vdb-entryx_refsource_BID

https://bugs.gentoo.org/show_bug.cgi?id=493450

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 13, 2013
Vulnerability Reserved
Dec 9, 2013