2 matches found
CVE-2021-26843
The connected sources confirm a vulnerability in sthttpd up to version 2.27.1 involving the de_dotdot function in libhttpd.c. When the C strcpy is implemented via memcpy, overlapping memory regions passed to memcpy during de_dotdot can trigger a Denial-of-Service (daemon crash) via a crafted HTTP...
CVE-2017-10671
CVE-2017-10671 affects sthttpd up to version 2.27.1. Heap-based Buffer Overflow occurs in the de_dotdot function in libhttpd.c, allowing remote attackers to cause a denial of service (daemon crash) and potentially other impact via a crafted filename. Upstream fixes are in 2.27.1 (as noted by Arch...