CVE-2013-7038

Name of the Vulnerable Software and Affected Versions libmicrohttpd versions prior to 0.9.32

Description The issue in the MHD http unescape function might allow remote attackers to obtain sensitive information or cause a denial of service via unspecified vectors that trigger an out-of-bounds read. Multiple vulnerabilities in libmicrohttpd can lead to confidentiality and availability breaches of protected information, and these can be exploited remotely.

Recommendations For versions prior to 0.9.32, update to version 0.9.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the MHD http unescape function until a patch is available.