CVE-2013-7039

Description

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.

How to fix CVE-2013-7039

To remediate CVE-2013-7039, upgrade the affected package to a fixed version below.

• Debian/libmicrohttpd—upgrade to 0.9.32-1 or later

Is CVE-2013-7039 being exploited?

Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.9.32-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-7039