DEBIAN-CVE-2025-62689
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-62689
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-62689.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-62689
- Upstream
- Published
- 2025-11-10T05:15:49.087Z
- Modified
- 2025-11-20T10:18:27.187358Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
- References
Affected packages
Debian:11 / libmicrohttpd
Package
- Name
- libmicrohttpd
- Purl
- pkg:deb/debian/libmicrohttpd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.9.72-2
0.9.72-2+deb11u1
0.9.72-3
0.9.73-1
0.9.73-2
0.9.73-3
0.9.73-4
0.9.75-1
0.9.75-2
0.9.75-3
0.9.75-4
0.9.75-5
0.9.75-6
0.9.76-1
0.9.77-1
0.9.77-2
0.9.77-3
1.*
1.0.0-1
1.0.0-1.1~exp1
1.0.0-2
1.0.0-2.1~exp1
1.0.0-2.1
1.0.1-1
1.0.1-2
1.0.1-3
1.0.1-4
1.0.2-1~exp1
1.0.2-1
1.0.2-2
Debian:12 / libmicrohttpd
Package
- Name
- libmicrohttpd
- Purl
- pkg:deb/debian/libmicrohttpd?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libmicrohttpd
Package
- Name
- libmicrohttpd
- Purl
- pkg:deb/debian/libmicrohttpd?arch=source
Debian:14 / libmicrohttpd
Package
- Name
- libmicrohttpd
- Purl
- pkg:deb/debian/libmicrohttpd?arch=source