Описание
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
Ссылки
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.27.1 (исключая)
cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00287
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.8
debian
больше 8 лет назад
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...
CVSS3: 7.8
github
больше 3 лет назад
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.
EPSS
Процентиль: 52%
0.00287
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787