CVE-2013-7038: Buffer Overflow
First published: Mon Dec 09 2013(Updated: )
An out-of-bounds memory read flaw was found in the MHD_http_unescape() function in libmicrohttpd. This could possibly lead to information disclosure or allow a remote attacker to cause an application using libmicrohttpd to crash. This issue has been resolved in version 0.9.32. References: <a href="https://gnunet.org/svn/libmicrohttpd/ChangeLog">https://gnunet.org/svn/libmicrohttpd/ChangeLog</a> <a href="http://secunia.com/advisories/55903/">http://secunia.com/advisories/55903/</a> <a href="https://bugs.gentoo.org/show_bug.cgi?id=493450">https://bugs.gentoo.org/show_bug.cgi?id=493450</a> Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU libmicrohttpd | <=0.9.31 | |
| GNU libmicrohttpd | =0.9.16 | |
| GNU libmicrohttpd | =0.9.17 | |
| GNU libmicrohttpd | =0.9.18 | |
| GNU libmicrohttpd | =0.9.19 | |
| GNU libmicrohttpd | =0.9.20 | |
| GNU libmicrohttpd | =0.9.21 | |
| GNU libmicrohttpd | =0.9.22 | |
| GNU libmicrohttpd | =0.9.23 | |
| GNU libmicrohttpd | =0.9.24 | |
| GNU libmicrohttpd | =0.9.25 | |
| GNU libmicrohttpd | =0.9.26 | |
| GNU libmicrohttpd | =0.9.27 | |
| GNU libmicrohttpd | =0.9.28 | |
| GNU libmicrohttpd | =0.9.29 | |
| GNU libmicrohttpd | =0.9.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gnunet.org/svn/libmicrohttpd/ChangeLog
- http://secunia.com/advisories/55903/
- https://bugs.gentoo.org/show_bug.cgi?id=493450
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1039385
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1039386
- http://www.openwall.com/lists/oss-security/2013/12/09/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1039384
- http://secunia.com/advisories/55903
- http://security.gentoo.org/glsa/glsa-201402-01.xml
- http://www.openwall.com/lists/oss-security/2013/12/09/11
- http://www.securityfocus.com/bid/64138
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-7038
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/source
- vendor/gnu
- canonical/gnu libmicrohttpd
- version/gnu libmicrohttpd/0.9.31
- version/gnu libmicrohttpd/0.9.16
- version/gnu libmicrohttpd/0.9.17
- version/gnu libmicrohttpd/0.9.18
- version/gnu libmicrohttpd/0.9.19
- version/gnu libmicrohttpd/0.9.20
- version/gnu libmicrohttpd/0.9.21
- version/gnu libmicrohttpd/0.9.22
- version/gnu libmicrohttpd/0.9.23
- version/gnu libmicrohttpd/0.9.24
- version/gnu libmicrohttpd/0.9.25
- version/gnu libmicrohttpd/0.9.26
- version/gnu libmicrohttpd/0.9.27
- version/gnu libmicrohttpd/0.9.28
- version/gnu libmicrohttpd/0.9.29
- version/gnu libmicrohttpd/0.9.30