CRITICAL · 9.8

CVE-2021-3466


Vulnerability Description

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.

CVSS Score

9.8

CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor          Product            Versions
Gnu             Libmicrohttpd      0.9.70
Redhat          Enterprise Linux   6.0
Fedoraproject   Fedora             32

FAQ

What is CVE-2021-3466?

CVE-2021-3466 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. Only version 0.9.70 is vulnerable.

How severe is CVE-2021-3466?

CVE-2021-3466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-3466?

Check the vendor advisories for patch information. Affected products include: Gnu Libmicrohttpd (only version 0.9.70 is affected), Redhat Enterprise Linux, Fedoraproject Fedora.