One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8314396 |
| Date de publication | 2023-02-28 20:15:10 (vue: 2023-02-28 22:06:55) |
| Titre | CVE-2023-27371 |
| Texte | GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2023 27371 allows assuming attacker before boundary bounds bytes crash create cve data denial dos due field find function gnu heap http improper includes layout libmicrohttpd malicious method mhd more multipart/form one out packet parsing post postprocessor processor read remote remotely result send service specific which will |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.