K47306214 : GNU Libmicrohttpd vulnerability CVE-2021-3466

2021-05-0400:00:00

my.f5.com

buffer overflow

libmicrohttpd

data confidentiality

integrity

system availability

AI Score

9.4

Confidence

High

EPSS

0.004

Percentile

72.2%

JSON

Security Advisory Description

A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3466)

Impact

There is no impact; F5 products are not affected by this vulnerability.