Unrated severityNVD Advisory· Published Dec 13, 2013· Updated Apr 29, 2026
CVE-2013-7039
CVE-2013-7039
Description
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
Affected products
16cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:gnu:libmicrohttpd:*:*:*:*:*:*:*:*range: <=0.9.31
- cpe:2.3:a:gnu:libmicrohttpd:0.9.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.21:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.23:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.26:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.27:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.28:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.29:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libmicrohttpd:0.9.30:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7News mentions
0No linked articles in our index yet.