CVE-2013-7039

Name of the Vulnerable Software and Affected Versions libmicrohttpd versions prior to 0.9.32

Description The issue is related to a stack-based buffer overflow in the MHD digest auth check function. This can be triggered when MHD OPTION CONNECTION MEMORY LIMIT is set to a large value, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a long URI in an authentication header. Multiple vulnerabilities in libmicrohttpd, prior to version 0.9.32, can lead to breaches of confidentiality and availability of protected information, and can be exploited remotely.

Recommendations For libmicrohttpd versions prior to 0.9.32, update to version 0.9.32 or later to resolve the issue. As a temporary workaround, consider restricting the MHD OPTION CONNECTION MEMORY LIMIT to prevent large values that could trigger the buffer overflow. Avoid using long URIs in authentication headers until the issue is resolved.