Описание
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
Ссылки
- ExploitMailing List
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkExploitPatchThird Party AdvisoryVDB Entry
- Broken LinkURL Repurposed
- Third Party AdvisoryVDB Entry
- Broken Link
- ExploitMailing List
- Broken LinkPatchVendor Advisory
- Broken Link
- Broken LinkExploitPatchThird Party AdvisoryVDB Entry
- Broken LinkURL Repurposed
- Third Party AdvisoryVDB Entry
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия от 2.21 (включая) до 2.23 (исключая)
Одно из
cpe:2.3:a:acme:thttpd:*:*:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:-:*:*:*:*:*:*
cpe:2.3:a:acme:thttpd:2.23:b1:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.29192
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-131
Связанные уязвимости
CVSS3: 9.8
debian
больше 21 года назад
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allo ...
CVSS3: 9.8
github
около 3 лет назад
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
EPSS
Процентиль: 96%
0.29192
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-131