CVE-2013-7039
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
| Software | From | Fixed in |
|---|---|---|
| gnu / libmicrohttpd | 0.9.28 | 0.9.28.x |
| gnu / libmicrohttpd | 0.9.29 | 0.9.29.x |
| gnu / libmicrohttpd | 0.9.27 | 0.9.27.x |
| gnu / libmicrohttpd | 0.9.23 | 0.9.23.x |
| gnu / libmicrohttpd | 0.9.25 | 0.9.25.x |
| gnu / libmicrohttpd | 0.9.22 | 0.9.22.x |
| gnu / libmicrohttpd | 0.9.30 | 0.9.30.x |
| gnu / libmicrohttpd | 0.9.20 | 0.9.20.x |
| gnu / libmicrohttpd | 0.9.18 | 0.9.18.x |
| gnu / libmicrohttpd | 0.9.17 | 0.9.17.x |
| gnu / libmicrohttpd | - | 0.9.31.x |
| gnu / libmicrohttpd | 0.9.21 | 0.9.21.x |
| gnu / libmicrohttpd | 0.9.24 | 0.9.24.x |
| gnu / libmicrohttpd | 0.9.16 | 0.9.16.x |
| gnu / libmicrohttpd | 0.9.26 | 0.9.26.x |
| gnu / libmicrohttpd | 0.9.19 | 0.9.19.x |
- http://secunia.com/advisories/55903
- http://security.gentoo.org/glsa/glsa-201402-01.xml
- http://www.openwall.com/lists/oss-security/2013/12/09/11
- http://www.securityfocus.com/bid/64138
- https://bugs.gentoo.org/show_bug.cgi?id=493450
- https://bugzilla.redhat.com/show_bug.cgi?id=1039390
- https://gnunet.org/svn/libmicrohttpd/ChangeLog
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime