Buffer Overflow Vulnerability in libmicrohttpd Affects Multiple Systems
CVE-2021-3466

9.8CRITICAL

Key Information:

Vendor

Gnu
Status
LIBMicrohttpd
Vendor
CVE Published:
25 March 2021

What is CVE-2021-3466?

A vulnerability has been identified in libmicrohttpd where a missing bounds check in the post_process_urlencoded function results in a buffer overflow. This flaw can be exploited by a remote attacker to inject arbitrary data into applications utilizing libmicrohttpd, potentially compromising data confidentiality and integrity. Furthermore, the flaw threatens system availability, allowing exploitation that can disrupt service functionality. The only affected version is 0.9.70, making it essential for users and administrators to review their deployments and implement necessary updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

libmicrohttpd libmicrohttpd 0.9.70

References

https://bugzilla.redhat.com/show_bug.cgi?id=1939127
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.