mini_httpd: Protocol String Handling Memory Disclosure (CVE-2015-1548)
Info: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Please provide mini_httpd version 1.23 or later.
Also, if possible, please backport it to the 2.7 and higher repositories.
Thank you very much!
(from redmine: issue id 5900, created on 2016-07-14, closed on 2016-07-14)
- Relations:
  - child #5901 (closed)
  - child #5902 (closed)
  - child #5903 (closed)
  - child #5904 (closed)
  - child #5905 (closed)