Vulnerability Details CVE-2013-7038
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/55903
- http://security.gentoo.org/glsa/glsa-201402-01.xml
- http://www.openwall.com/lists/oss-security/2013/12/09/11
- http://www.securityfocus.com/bid/64138
- https://bugs.gentoo.org/show_bug.cgi?id=493450
- https://bugzilla.redhat.com/show_bug.cgi?id=1039384
- https://gnunet.org/svn/libmicrohttpd/ChangeLog
- http://secunia.com/advisories/55903
- http://security.gentoo.org/glsa/glsa-201402-01.xml
- http://www.openwall.com/lists/oss-security/2013/12/09/11
- http://www.securityfocus.com/bid/64138
- https://bugs.gentoo.org/show_bug.cgi?id=493450
- https://bugzilla.redhat.com/show_bug.cgi?id=1039384
- https://gnunet.org/svn/libmicrohttpd/ChangeLog
Products affected by CVE-2013-7038
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.16
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.17
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.18
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.19
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.20
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.21
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.22
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.23
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.24
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.25
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.26
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.27
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.28
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.29
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.30
-
cpe:2.3:a:gnu:libmicrohttpd:0.9.31