CVE-2013-7039

CWE-119 — Buffer Overflow7 documents7 sources

Severity

5.1MEDIUM

EPSS

2.4%

top 14.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libmicrohttpd

Timeline

PublishedDec 13

Latest updateMay 17

Description

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debianlibmicrohttpd< 0.9.32-1+3

▶NVDgnu/libmicrohttpd0.9.31+15

🔴Vulnerability Details

GHSA

GHSA-xjww-5jpx-q2w4: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0↗2022-05-17

▶

OSV

CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0↗2013-12-13

▶

CVEList

CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0↗2013-12-13

▶

📋Vendor Advisories

Red Hat

libmicrohttpd: stack overflow in MHD_digest_auth_check()↗2013-11-28

▶

Debian

CVE-2013-7039: libmicrohttpd - Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohtt...↗2013

▶

💬Community

Bugzilla

CVE-2013-7039 libmicrohttpd: stack overflow in MHD_digest_auth_check()↗2013-12-09

▶