An out-of-bounds memory read flaw was found in the MHD_http_unescape() function in libmicrohttpd. This could possibly lead to information disclosure or allow a remote attacker to cause an application using libmicrohttpd to crash. This issue has been resolved in version 0.9.32.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Created libmicrohttpd tracking bugs for this issue:
Affects: fedora-all [bug 1039385]
Affects: epel-all [bug 1039386]
CVE request: http://www.openwall.com/lists/oss-security/2013/12/09/1