A stack overflow flaw was found in the MHD_digest_auth_check() function in libmicrohttpd. If MHD_OPTION_CONNECTION_MEMORY_LIMIT was configured to allow large allocations, a remote attacker could possibly use this flaw to cause an application using libmicrohttpd to crash or, potentially, execute arbitrary code with the privileges of the user running the application. This issue has been resolved in version 0.9.32. References: https://gnunet.org/svn/libmicrohttpd/ChangeLog http://secunia.com/advisories/55903/ https://bugs.gentoo.org/show_bug.cgi?id=493450 Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Created libmicrohttpd tracking bugs for this issue: Affects: fedora-all [bug 1039391] Affects: epel-all [bug 1039392]
CVE request: http://www.openwall.com/lists/oss-security/2013/12/09/1