Lucene search
PRIOn knowledge basePRION:CVE-2021-26843HistoryFeb 07, 2021 - 9:15 p.m.
Design/Logic Flaw
2021-02-0721:15:00
PRIOn knowledge base
www.prio-n.com
2
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
References
Related
cve
cve
CVE-2021-26843
2021-02-07 21:15:11
CVE-2017-10671
2017-06-29 08:29:00
osv
osv
CVE-2021-26843
2021-02-07 21:15:11
CVE-2017-10671
2017-06-29 08:29:00
cvelist
cvelist
CVE-2021-26843
2021-02-07 20:14:34
CVE-2017-10671
2017-06-29 08:00:00
nvd
nvd
CVE-2021-26843
2021-02-07 21:15:11
CVE-2017-10671
2017-06-29 08:29:00
prion
prion
Heap overflow
2017-06-29 08:29:00
archlinux
archlinux
[ASA-201802-5] sthttpd: arbitrary code execution
2018-02-09 00:00:00