CVE-2017-10671

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/06/15/9	Mailing List Patch Third Party Advisory
https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660	Issue Tracking Patch Third Party Advisory
https://github.com/blueness/sthttpd/releases/tag/v2.27.1	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*

History

19 Jul 2024, 13:05

Type	Values Removed	Values Added
CPE	cpe:2.3:a:sthttpd_project:sthttpd:-:::::::*	cpe:2.3:a:sthttpd_project:sthttpd::::::::
CWE	~~CWE-119~~	CWE-787

Information

Published : 2017-06-29 08:29

Updated : 2024-07-19 13:05

NVD link : CVE-2017-10671

Mitre link : CVE-2017-10671

CVE.ORG link : CVE-2017-10671

JSON object : View

Products Affected

sthttpd_project

sthttpd

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2017-10671", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-06-29T08:29:00.217", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/06/15/9", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/blueness/sthttpd/releases/tag/v2.27.1", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n de_dotdot en libhttpd.c en sthttpd 2.27.1 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (cierre inesperado del demonio) o, posiblemente, provocar cualquier otro tipo de problema mediante un nombre de archivo manipulado."}], "lastModified": "2024-07-19T13:05:10.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFA373F1-7E30-4622-BA6A-760DE220A150", "versionEndExcluding": "2.27.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}