High severity7.5NVD Advisory· Published Mar 27, 2017· Updated May 13, 2026

CVE-2017-5850

Description

httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.

Affected products

OpenBSD/OpenBSD
cpe:2.3:o:openbsd:openbsd:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/034_httpd.patch.signvdPatchVendor Advisory
ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.signvdPatchVendor Advisory
github.com/openbsd/src/commit/142cfc82b932bc211218fbd7bdda8c7ce83f19dfnvdPatchThird Party Advisory
packetstormsecurity.com/files/140944/OpenBSD-HTTP-Server-6.0-Denial-Of-Service.htmlnvdExploitThird Party AdvisoryVDB Entry
pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.htmlnvdExploitPatchThird Party Advisory
www.exploit-db.com/exploits/41278/nvdExploitPatchThird Party AdvisoryVDB Entry
marc.infonvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2017/Feb/15nvdThird Party AdvisoryVDB Entry
www.openwall.com/lists/oss-security/2017/02/02/6nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/95997nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1037758nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.040
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000