A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
15 Dec 2021, 14:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnu:libmicrohttpd:0.9.70:*:*:*:*:*:*:* |
07 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable. |
03 Dec 2021, 18:14
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
05 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 18:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1939127 - Issue Tracking, Patch, Third Party Advisory |
25 Mar 2021, 19:18
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
New CVE | ||
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
Information
Published : 2021-03-25 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-3466
Mitre link : CVE-2021-3466
CVE.ORG link : CVE-2021-3466
JSON object : View
Products Affected
redhat
- enterprise_linux
gnu
- libmicrohttpd
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')