CVE-2021-3466
CVE-2021-3466
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 8.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
25 Mar 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Affected products
n/a · libmicrohttpdWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugzilla.redhat.com/show_bug.cgi?id=1939127https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/https://security.gentoo.org/glsa/202311-08