CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
References
Link Resource
https://github.com/blueness/sthttpd/issues/14 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sthttpd_project:sthttpd:*:*:*:*:*:*:*:*

Information

Published : 2021-02-07 13:15

Updated : 2021-02-09 06:00


NVD link : CVE-2021-26843

Mitre link : CVE-2021-26843


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

sthttpd_project

  • sthttpd