CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
gnulibmicrohttpd
𝑥
≤ 0.9.31
gnulibmicrohttpd
0.9.16
gnulibmicrohttpd
0.9.17
gnulibmicrohttpd
0.9.18
gnulibmicrohttpd
0.9.19
gnulibmicrohttpd
0.9.20
gnulibmicrohttpd
0.9.21
gnulibmicrohttpd
0.9.22
gnulibmicrohttpd
0.9.23
gnulibmicrohttpd
0.9.24
gnulibmicrohttpd
0.9.25
gnulibmicrohttpd
0.9.26
gnulibmicrohttpd
0.9.27
gnulibmicrohttpd
0.9.28
gnulibmicrohttpd
0.9.29
gnulibmicrohttpd
0.9.30
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmicrohttpd
bullseye
0.9.72-2+deb11u1
fixed
squeeze
no-dsa
bookworm
0.9.75-6
fixed
sid
1.0.1-2
fixed
trixie
1.0.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmicrohttpd
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/55903
http://security.gentoo.org/glsa/glsa-201402-01.xml
http://www.openwall.com/lists/oss-security/2013/12/09/11
http://www.securityfocus.com/bid/64138
https://bugs.gentoo.org/show_bug.cgi?id=493450
https://bugzilla.redhat.com/show_bug.cgi?id=1039390
https://gnunet.org/svn/libmicrohttpd/ChangeLog
http://secunia.com/advisories/55903
http://security.gentoo.org/glsa/glsa-201402-01.xml
http://www.openwall.com/lists/oss-security/2013/12/09/11
http://www.securityfocus.com/bid/64138
https://bugs.gentoo.org/show_bug.cgi?id=493450
https://bugzilla.redhat.com/show_bug.cgi?id=1039390
https://gnunet.org/svn/libmicrohttpd/ChangeLog