[Debian-iot-maintainers] Bug#993851: ulfius: CVE-2021-40540

Neil Williams codehelp at debian.org
Tue Sep 7 09:44:34 BST 2021


Source: ulfius
Version: 2.7.1-1
Severity: important
Tags: security upstream

A security vulnerability exists in ulfius prior to version 2.7.4

CVE-2021-40540 [0]

ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info
initialization and a con_info->request NULL check for certain malformed
HTTP requests.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-40540
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40540

Thanks



More information about the Debian-iot-maintainers mailing list