Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
2013-12-13T18:55:05.787
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.1 (MEDIUM)
AV:N/AC:H/Au:N/C:P/I:P/A:P
4.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnu | libmicrohttpd | ≤ 0.9.31 | Yes |
| Application | gnu | libmicrohttpd | 0.9.16 | Yes |
| Application | gnu | libmicrohttpd | 0.9.17 | Yes |
| Application | gnu | libmicrohttpd | 0.9.18 | Yes |
| Application | gnu | libmicrohttpd | 0.9.19 | Yes |
| Application | gnu | libmicrohttpd | 0.9.20 | Yes |
| Application | gnu | libmicrohttpd | 0.9.21 | Yes |
| Application | gnu | libmicrohttpd | 0.9.22 | Yes |
| Application | gnu | libmicrohttpd | 0.9.23 | Yes |
| Application | gnu | libmicrohttpd | 0.9.24 | Yes |
| Application | gnu | libmicrohttpd | 0.9.25 | Yes |
| Application | gnu | libmicrohttpd | 0.9.26 | Yes |
| Application | gnu | libmicrohttpd | 0.9.27 | Yes |
| Application | gnu | libmicrohttpd | 0.9.28 | Yes |
| Application | gnu | libmicrohttpd | 0.9.29 | Yes |
| Application | gnu | libmicrohttpd | 0.9.30 | Yes |