[Debian-iot-maintainers] Bug#993851: ulfius: CVE-2021-40540
Neil Williams
codehelp at debian.org
Tue Sep 7 09:44:34 BST 2021
Source: ulfius
Version: 2.7.1-1
Severity: important
Tags: security upstream
A security vulnerability exists in ulfius prior to version 2.7.4
CVE-2021-40540 [0]
ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info
initialization and a con_info->request NULL check for certain malformed
HTTP requests.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-40540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40540
Thanks
More information about the Debian-iot-maintainers
mailing list