CVE-2017-10671

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
References
Link Resource
http://www.openwall.com/lists/oss-security/2017/06/15/9 Mailing List Patch Third Party Advisory
https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660 Issue Tracking Patch Third Party Advisory
https://github.com/blueness/sthttpd/releases/tag/v2.27.1 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*

History

19 Jul 2024, 13:05

Type Values Removed Values Added
CPE cpe:2.3:a:sthttpd_project:sthttpd:-:*:*:*:*:*:*:* cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*
CWE CWE-119 CWE-787

Information

Published : 2017-06-29 08:29

Updated : 2024-07-19 13:05


NVD link : CVE-2017-10671

Mitre link : CVE-2017-10671

CVE.ORG link : CVE-2017-10671


JSON object : View

Products Affected

sthttpd_project

  • sthttpd
CWE
CWE-787

Out-of-bounds Write