Back to bug 2174313

Who	When	What	Removed	Added
Avinash Hanwate	2023-03-01 06:15:51 UTC	CC		lnykryn
Avinash Hanwate	2023-03-01 06:20:03 UTC	Blocks		2174315
TEJ RATHI	2023-03-01 06:35:51 UTC	Depends On		2174319, 2174320, 2174318, 2174317
TEJ RATHI	2023-03-02 04:27:21 UTC	Depends On		2174639, 2174640
TEJ RATHI	2023-03-13 08:25:06 UTC	Doc Text		An out-of-bounds issue was discovered in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service.
RaTasha Tillery-Smith	2023-03-13 12:48:21 UTC	Doc Text	An out-of-bounds issue was discovered in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service.	An out-of-bounds flaw was found in GNU's libmicrohttpd due to improper parsing of a multipart/form-data boundary in the MHD_create_post_processor() method in postprocessor.c. This flaw allows an attacker to remotely send a malicious HTTP POST packet that includes one or more ‘\0’ bytes in a multipart/form-data boundary field, which, assuming a specific heap layout, will result in an out-of-bounds read and a crash in the find_boundary() function, causing a denial of service.
Red Hat Bugzilla	2023-07-07 08:28:25 UTC	Assignee	security-response-team	nobody

Back to bug 2174313