cvedb.io
CVE-2021-3466
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-03-25T19:15:15.297 · Last modified 2026-06-17T04:05:09.357

Summary

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.

Affected products

gnu — libmicrohttpd

Does this affect you?

Add your gear to cvedb and we'll alert you only when gnu ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.