[v3.4] mini_httpd: Protocol String Handling Memory Disclosure (CVE-2015-1548)
Info: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Please provide mini_httpd version 1.23 or later.
Also, if possible, please backport it to the 2.7 and higher repositories.
Thank you very much!
(from redmine: issue id 5901, created on 2016-07-14, closed on 2016-07-14)
- Relations:
  - parent #5900 (closed)
- Changesets:
  - Revision cb82a51f by Natanael Copa on 2016-07-14T13:31:59Z:
    main/mini_httpd: security upgrade to 1.25 (CVE-2015-1548)
    fixes #5901
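
The response size miscalculation described in the Info line, shown as an added C example; it is not mini_httpd's code and not part of the original report. It assumes the length came from the return value of `snprintf`, which reports the size the untruncated output would have had; the buffer size and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64 /* hypothetical buffer size, kept small for the demonstration */

/* Flawed pattern: returns snprintf's result as the number of bytes to send.
 * On truncation that value is larger than the buffer, so a sender copying
 * that many bytes out of the buffer would read adjacent memory. */
size_t claimed_len_unchecked(const char *protocol, int status, const char *title)
{
    char buf[LINE_CAP];
    int n = snprintf(buf, sizeof(buf), "%s %d %s\r\n", protocol, status, title);
    return n < 0 ? 0 : (size_t)n;
}

/* Hardened pattern: treat truncation as an error so the caller can reject
 * the request instead of sending a length it does not own.
 * Returns 0 and sets *len on success, -1 on error or truncation. */
int format_status_line(char *out, size_t cap, size_t *len,
                       const char *protocol, int status, const char *title)
{
    int n = snprintf(out, cap, "%s %d %s\r\n", protocol, status, title);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    *len = (size_t)n;
    return 0;
}

int main(void)
{
    char long_proto[201]; /* constructed over-long protocol string */
    char out[LINE_CAP];
    size_t len = 0;

    memset(long_proto, 'A', sizeof(long_proto) - 1);
    long_proto[sizeof(long_proto) - 1] = '\0';

    printf("unchecked claims %zu bytes from a %d-byte buffer\n",
           claimed_len_unchecked(long_proto, 200, "OK"), LINE_CAP);
    printf("checked returns %d for the same input\n",
           format_status_line(out, sizeof(out), &len, long_proto, 200, "OK"));
    if (format_status_line(out, sizeof(out), &len, "HTTP/1.1", 200, "OK") == 0)
        printf("normal line: %zu bytes\n", len);
    return 0;
}
```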