Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2017/06/15/9 | Mailing List Patch Third Party Advisory |
https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660 | Issue Tracking Patch Third Party Advisory |
https://github.com/blueness/sthttpd/releases/tag/v2.27.1 | Issue Tracking Patch Third Party Advisory |
Configurations
History
19 Jul 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:* | |
CWE | CWE-787 |
Information
Published : 2017-06-29 08:29
Updated : 2024-07-19 13:05
NVD link : CVE-2017-10671
Mitre link : CVE-2017-10671
CVE.ORG link : CVE-2017-10671
JSON object : View
Products Affected
sthttpd_project
- sthttpd
CWE
CWE-787
Out-of-bounds Write