Unrated severity · NVD Advisory · Published Feb 28, 2023 · Updated Mar 11, 2025
CVE-2023-27371
Description
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() function in postprocessor.c. An attacker can remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function.
Affected products
- (no CPE)
- (no CPE), range: < 0.9.76
- osv-coords, 15 versions:
  - pkg:rpm/almalinux/libmicrohttpd, range: < 1:0.9.72-5.el9
  - pkg:rpm/almalinux/libmicrohttpd-devel, range: < 1:0.9.72-5.el9
  - pkg:rpm/almalinux/libmicrohttpd-doc, range: < 1:0.9.72-5.el9
  - pkg:rpm/opensuse/libmicrohttpd&distro=openSUSE%20Leap%2015.4, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/opensuse/libmicrohttpd&distro=openSUSE%20Leap%20Micro%205.3, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Micro%205.1, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3, range: < 0.9.57-150000.3.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5, range: < 0.9.30-6.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5, range: < 0.9.30-6.3.1
  - pkg:rpm/suse/libmicrohttpd&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5, range: < 0.9.30-6.3.1