CVE-2025-59777
Severity
8.7HIGH
EPSS
0.0%
top 91.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 10
Latest updateNov 11
Description
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages2 packages
▶CVEListV5gnu_project/gnu_libbmicrohttpdafter the v1.0.2 tag.), v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository+1
Patches
🔴Vulnerability Details
3CVEList
▶
GHSA▶
GHSA-f6rc-8xc8-gmfm: NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1↗2025-11-10
OSV
▶
📋Vendor Advisories
3Microsoft▶
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the↗2025-11-11
Debian▶
CVE-2025-59777: libmicrohttpd - NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and ea...↗2025