NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9e90591b22
kumquat-buildroot/package/libmicrohttpd/libmicrohttpd.hash
Fabrice Fontaine 3b645ffda6 package/libmicrohttpd: security bump to version 0.9.76 
Fix CVE-2023-27371: GNU libmicrohttpd before 0.9.76 allows remote DoS
(Denial of Service) due to improper parsing of a multipart/form-data
boundary in the postprocessor.c MHD_create_post_processor() method. This
allows an attacker to remotely send a malicious HTTP POST packet that
includes one or more '\0' bytes in a multipart/form-data boundary field,
which - assuming a specific heap layout - will result in an
out-of-bounds read and a crash in the find_boundary() function.

https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-03-20 10:05:52 +01:00

4 lines
205 B
Plaintext
Raw Blame History

# Locally calculated
sha256 f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c libmicrohttpd-0.9.76.tar.gz
sha256 7399547209438c93f9b90297954698773d4846cea44cde5ca982c84c45952a3b COPYING
Reference in New Issue View Git Blame Copy Permalink