cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-27371,https://securityvulnerability.io/vulnerability/CVE-2023-27371,Denial of Service Vulnerability in GNU libmicrohttpd Affects Multiple Applications,"GNU libmicrohttpd versions prior to 0.9.76 are susceptible to a Denial of Service vulnerability that arises from improper handling of multipart/form-data boundaries in the postprocessor. This flaw allows an attacker to discreetly send a malformed HTTP POST request, which includes null ('\0') bytes in the boundary field. If the request is crafted in a specific way, it can lead to an out-of-bounds read during processing, ultimately causing a crash when the find_boundary() function is executed. This vulnerability can disrupt services relying on the affected versions of libmicrohttpd.",Gnu,LIBMicrohttpd,5.9,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2023-02-28T00:00:00.000Z,0
CVE-2021-3466,https://securityvulnerability.io/vulnerability/CVE-2021-3466,Buffer Overflow Vulnerability in libmicrohttpd Affects Multiple Systems,"A vulnerability has been identified in libmicrohttpd where a missing bounds check in the post_process_urlencoded function results in a buffer overflow. This flaw can be exploited by a remote attacker to inject arbitrary data into applications utilizing libmicrohttpd, potentially compromising data confidentiality and integrity. Furthermore, the flaw threatens system availability, allowing exploitation that can disrupt service functionality. The only affected version is 0.9.70, making it essential for users and administrators to review their deployments and implement necessary updates.",Gnu,LIBMicrohttpd,9.8,CRITICAL,0.006769999861717224,false,,false,false,false,,,false,false,,2021-03-25T18:45:33.000Z,0
CVE-2013-7038,https://securityvulnerability.io/vulnerability/CVE-2013-7038,,The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.,Gnu,LIBMicrohttpd,,,0.023600000888109207,false,,false,false,false,,,false,false,,2013-12-13T17:00:00.000Z,0
CVE-2013-7039,https://securityvulnerability.io/vulnerability/CVE-2013-7039,,"Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.",Gnu,LIBMicrohttpd,,,0.03892999887466431,false,,false,false,false,,,false,false,,2013-12-13T17:00:00.000Z,0