17 matches found
EUVD-2021-13627
Malware in sbrugna...
EUVD-2017-2318
Malware in sbrugna...
CVE-2021-26843
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
sthttpd Denial of Service Vulnerability
sthttpd is an improved version of thttpd, a small, simple, fast and secure HTTP server implementation that supports HTTP/1.1. A denial of service vulnerability exists in sthttpd version 2.27.1 and earlier. The vulnerability is related to a memory error in the handling of the dedotdot function in...
CVE-2021-26843
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
CVE-2021-26843
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
Design/Logic Flaw
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
CVE-2021-26843
The connected sources confirm a vulnerability in sthttpd up to version 2.27.1 involving the de_dotdot function in libhttpd.c. When the C strcpy is implemented via memcpy, overlapping memory regions passed to memcpy during de_dotdot can trigger a Denial-of-Service (daemon crash) via a crafted HTTP...
CVE-2021-26843
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the dedotdot function may cause a Denial-of-Service daemon crash due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted...
sthttpd 缓冲区错误漏洞
sthttpd is an improved version of thttpd, a small, simple, fast and secure HTTP server implementation that supports HTTP/1.1. A denial of service vulnerability exists in sthttpd version 2.27.1 and earlier. The vulnerability is related to a memory error in the handling of the dedotdot function in...
[ASA-201802-5] sthttpd: arbitrary code execution
Arch Linux Security Advisory ASA-201802-5 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2017-10671 Package : sthttpd Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-333 Summary ======= The package sthttpd before...
Heap overflow
Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...
CVE-2017-10671
Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...
CVE-2017-10671
Heap-based Buffer Overflow in the dedotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service daemon crash or possibly have unspecified other impact via a crafted filename...
CVE-2017-10671
CVE-2017-10671 affects sthttpd up to version 2.27.1. Heap-based Buffer Overflow occurs in the de_dotdot function in libhttpd.c, allowing remote attackers to cause a denial of service (daemon crash) and potentially other impact via a crafted filename. Upstream fixes are in 2.27.1 (as noted by Arch...
sthttpd 'de_dotdot' function heap buffer overflow vulnerability
sthttpd is a lightweight HTTP server that supports URL-based file traffic limiting as well as support for multiple platforms such as FreeBSD, SunOS, Solaris, BSD, etc. sthttpd is an improved version of thttpd that includes an embedding feature that enables the development of web servers for...
CVE-2013-0348
CVE-2013-0348 affects thttpd/thttpd-derived sthttpd: versions prior to 2.26.4-r2 and 2.25b expose a world-readable /var/log/thttpd.log. The root cause is incorrect file permissions, permitting local users to read sensitive information from the log file. Implication: local information disclosure w...