[v2.7] mini_httpd: Protocol String Handling Memory Disclosure (CVE-2015-1548)
Info: mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Please provide mini_httpd 1.23 or a later version.
Also, if possible, please backport it to the 2.7 and higher repositories.
Thank you very much!
(from redmine: issue id 5905, created on 2016-07-14, closed on 2016-07-14)
- parent #5900 (closed)
- Revision 46cc566b by Natanael Copa on 2016-07-14T13:40:05Z:
main/mini_httpd: security upgrade to 1.23 (CVE-2015-1548) fixes #5905