An out-of-bounds memory read flaw was found in the MHD_http_unescape() function in libmicrohttpd. This could possibly lead to information disclosure or allow a remote attacker to cause an application using libmicrohttpd to crash. This issue has been resolved in version 0.9.32. References: https://gnunet.org/svn/libmicrohttpd/ChangeLog http://secunia.com/advisories/55903/ https://bugs.gentoo.org/show_bug.cgi?id=493450 Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Created libmicrohttpd tracking bugs for this issue: Affects: fedora-all [bug 1039385] Affects: epel-all [bug 1039386]
CVE request: http://www.openwall.com/lists/oss-security/2013/12/09/1