A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-03-25 19:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-3466
Mitre link : CVE-2021-3466
CVE.ORG link : CVE-2021-3466
JSON object : View
Products Affected
redhat
- enterprise_linux
gnu
- libmicrohttpd
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')