安全公告详情

NS-SA-2025-0091

2025-05-28 09:42:37

简介

moderate: libmicrohttpd security update

严重级别

moderate

主题

An update for libmicrohttpd is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

libmicrohttpd:


Security Fix(es):
libmicrohttpd: An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service.(CVE-2023-27371)
libmicrohttpd: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.

影响组件

  • libmicrohttpd

影响产品

  • CGSL MAIN 7.02

更新包

{"fix":[{"product":"CGSL MAIN 7.02","pkgs":[{"binary":["libmicrohttpd-0.9.75-1.zncgsl7.3.x86_64.rpm"],"source":"libmicrohttpd-0.9.75-1.zncgsl7.3.src.rpm"}]}]}
CGSL MAIN 7.02
  • libmicrohttpd-0.9.75-1.zncgsl7.3.src.rpm
    • libmicrohttpd-0.9.75-1.zncgsl7.3.x86_64.rpm

CVE

参考

© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2

全国服务热线:400-033-0108