Filtered by vendor Sthttpd Project
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10671 | 1 Sthttpd Project | 1 Sthttpd | 2024-08-05 | 7.8 High |
| Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. | ||||
| CVE-2021-26843 | 1 Sthttpd Project | 1 Sthttpd | 2024-08-03 | 7.5 High |
| An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function. | ||||
Page 1 of 1.