An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/blueness/sthttpd/issues/14 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-07T20:14:34
Updated: 2024-08-03T20:33:41.029Z
Reserved: 2021-02-07T00:00:00
Link: CVE-2021-26843
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-07T21:15:11.790
Modified: 2024-11-21T05:56:53.407
Link: CVE-2021-26843
Redhat
No data.