3 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function. Se ha detectado un problema en sthttpd versiones hasta 2.27.1. • https://github.com/blueness/sthttpd/issues/14 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. Un desbordamiento de búfer basado en memoria dinámica (heap) en la función de_dotdot en libhttpd.c en sthttpd 2.27.1 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado del demonio) o, posiblemente, provocar cualquier otro tipo de problema mediante un nombre de archivo manipulado. • http://www.openwall.com/lists/oss-security/2017/06/15/9 https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660 https://github.com/blueness/sthttpd/releases/tag/v2.27.1 • CWE-787: Out-of-bounds Write •

CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. thttpd.c en sthttpd antes de 2.26.4-r2 y httpd 2.25b usa permisos de lectura universales para / var / log / thttpd.log, lo que permite a usuarios locales obtener información sensible mediante la lectura del archivo. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00050.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00015.html http://opensource.dyc.edu/gitweb/?p=sthttpd.git%3Ba=commitdiff%3Bh=d2e186dbd58d274a0dea9b59357edc8498b5388d http://www.openwall.com/lists/oss-security/2013/02/23/7 https://bugs.gentoo.org/show_bug.cgi?id=458896 https://bugzilla.redhat.com/show_bug.cgi?id=924857 • CWE-264: Permissions, Privileges, and Access Controls •