An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-07T20:14:34

Updated: 2024-08-03T20:33:41.029Z

Reserved: 2021-02-07T00:00:00

Link: CVE-2021-26843

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-07T21:15:11.790

Modified: 2024-11-21T05:56:53.407

Link: CVE-2021-26843

cve-icon Redhat

No data.