3 matches found
CVE-2024-23771
Consolidated data for CVE-2024-23771 shows that darkhttpd (C code http server) before version 1.15 uses strcmp to verify authentication, enabling timing-side-channel bypass of authentication. Multiple feeds (NVD, OSV, Fedora advisories) confirm the issue across affected releases and indicate the ...
CVE-2020-25691
CVE-2020-25691 describes a denial‑of‑service flaw in darkhttpd caused by invalid error handling when a remote attacker accesses a file with a large modification date. The impact is on availability. Connected sources confirm this vulnerability but do not specify affected versions, patches, or miti...
CVE-2024-23770
Darkhttpd prior to 1.16 (notably 1.15) is affected: local users can enumerate credentials used by --auth by listing processes and their arguments. Fedora advisories/Fedora OSS notes indicate update to darkhttpd 1.16 fixes this issue. In practice, affected product: darkhttpd HTTP server; root caus...