CVE-2013-7038

CWE-119 — Buffer Overflow CWE-125 — Out-of-bounds Read7 documents7 sources

Severity

6.4MEDIUM

EPSS

0.9%

top 23.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libmicrohttpd

Timeline

PublishedDec 13

Latest updateMay 17

Description

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages2 packages

▶Debianlibmicrohttpd< 0.9.32-1+3

▶NVDgnu/libmicrohttpd0.9.31+15

🔴Vulnerability Details

GHSA

GHSA-q6qf-jwgr-5477: The MHD_http_unescape function in libmicrohttpd before 0↗2022-05-17

▶

OSV

CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd before 0↗2013-12-13

▶

CVEList

CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd before 0↗2013-12-13

▶

📋Vendor Advisories

Red Hat

libmicrohttpd: out-of-bounds read in MHD_http_unescape()↗2013-11-28

▶

Debian

CVE-2013-7038: libmicrohttpd - The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote...↗2013

▶

💬Community

Bugzilla

CVE-2013-7038 libmicrohttpd: out-of-bounds read in MHD_http_unescape()↗2013-12-09

▶