Описание
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-46586
- https://github.com/ltworf/weborf/pull/88
- https://github.com/ltworf/weborf/pull/88/commits/7057d254b734dfc9cfb58983f901aa6ec3c94fd4
- https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d
- https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991
Связанные уязвимости
CVSS3: 9.1
ubuntu
больше 1 года назад
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
CVSS3: 9.1
nvd
больше 1 года назад
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
CVSS3: 9.1
debian
больше 1 года назад
cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' te ...