GNU Libmicrohttpd NULL Pointer Dereference Vulnerability Allowing Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in GNU Libmicrohttpd versions through 1.0.2. This vulnerability, present in the experimental WebSocket support library 'libmicrohttpd_ws.so', can be exploited by sending a specially crafted packet, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application may crash or become unresponsive.

Remediation

Users are advised to stop using 'libmicrohttpd_ws.so', as it is an experimental implementation. The vulnerability has been fixed in the official GNU Libmicrohttpd Git repository after the v1.0.2 tag.
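To confirm that nothing on a host still has the experimental WebSocket library loaded, the following added example (not code from the advisory or from the GNU Libmicrohttpd project) parses Linux /proc/<pid>/maps and reports every mapping of libmicrohttpd_ws.so, flagging copies that were deleted or replaced on disk but are still mapped by a running process. The function names, the regular expression and the sample maps lines are constructed for illustration; Linux with procfs is assumed.

```python
import os
import re

# Matches libmicrohttpd_ws.so with any version suffix, but not libmicrohttpd.so itself.
LIB_RE = re.compile(r"(?:^|/)libmicrohttpd_ws\.so(?:\.[0-9.]+)?$")
DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps content (paths and versions are made up).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 fd:01 131 /usr/local/bin/demo-server
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a1c400000-7f3a1c40a000 r-xp 00000000 fd:01 262 /usr/lib/libmicrohttpd_ws.so.0.0.0 (deleted)
7f3a1c40a000-7f3a1c40b000 rw-p 0000a000 fd:01 262 /usr/lib/libmicrohttpd_ws.so.0.0.0 (deleted)
7f3a1c600000-7f3a1c650000 r-xp 00000000 fd:01 263 /usr/lib/libmicrohttpd.so.12.62.0
"""

def ws_mappings(maps_text):
    """Return sorted unique (path, deleted) pairs for libmicrohttpd_ws mappings."""
    found = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname (pathname may hold spaces).
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].strip()
        deleted = path.endswith(DELETED)
        if deleted:
            path = path[:-len(DELETED)]
        if LIB_RE.search(path):
            found.add((path, deleted))
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> ws_mappings() result for every readable process that loads the library."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                hits = ws_mappings(fh.read())
        except OSError:
            continue  # process exited or its maps file is not readable by this user
        if hits:
            results[int(entry)] = hits
    return results

if __name__ == "__main__":
    for pid, hits in sorted(scan_proc().items()):
        for path, deleted in hits:
            print(f"pid {pid}: {path} ({'stale copy still mapped' if deleted else 'loaded'})")
```

Run it as root to cover processes owned by other users; a process reported with a stale copy keeps executing the old library code until it is restarted.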

Added: Nov 10, 2025, 5:19 AM
Updated: Nov 10, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 8.1
remediation: 8.3
relevance: 1.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.