CVE-2023-27371 MEDIUM

Vendor N/A
Product n/a
Published February 28, 2023
Last update March 11, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.

Key dates

02 Disclosure timeline

February 28, 2023 CVE published
March 11, 2025 Record updated