Описание
Security update for libmicrohttpd
This update for libmicrohttpd fixes the following issues:
- CVE-2025-62689: Fixed heap-based buffer overflow through a specially crafted packet (bsc#1253178)
- CVE-2025-59777: Fixed NULL pointer dereference through a specially crafted packet (bsc#1253177)
Список пакетов
openSUSE Leap 16.0
libmicrohttpd-devel-1.0.1-160000.3.1
libmicrohttpd12-1.0.1-160000.3.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1253177
- SUSE Bug 1253178
- SUSE CVE CVE-2025-59777 page
- SUSE CVE CVE-2025-62689 page
Описание
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Затронутые продукты
openSUSE Leap 16.0:libmicrohttpd-devel-1.0.1-160000.3.1
openSUSE Leap 16.0:libmicrohttpd12-1.0.1-160000.3.1
Ссылки
- CVE-2025-59777
- SUSE Bug 1253177
Описание
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Затронутые продукты
openSUSE Leap 16.0:libmicrohttpd-devel-1.0.1-160000.3.1
openSUSE Leap 16.0:libmicrohttpd12-1.0.1-160000.3.1
Ссылки
- CVE-2025-62689
- SUSE Bug 1253178