CVE-2013-7039

Currently unrated

Key Information:

Vendor: Gnu
Status: LIBMicrohttpd
Vendor: CVE Published:; 13 December 2013

Summary

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1039390

x_refsource_CONFIRM

http://www.securityfocus.com/bid/64138

vdb-entryx_refsource_BID

https://bugs.gentoo.org/show_bug.cgi?id=493450

x_refsource_CONFIRM

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 13, 2013
Vulnerability Reserved
Dec 9, 2013