{"vulnerability": "CVE-2023-27371", "sightings": [{"uuid": "9f9aa891-e192-48f8-84bc-c50a12bd7d1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27371", "type": "seen", "source": "https://t.me/cibsecurity/59167", "content": "\u203c CVE-2023-27371 \u203c\n\nGNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T22:33:01.000000Z"}]}