High severity7.5NVD Advisory· Published Feb 7, 2021· Updated Jun 17, 2026
CVE-2021-26843
CVE-2021-26843
Description
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- sthttpd/sthttpddescription
- Range: <=2.27.1
Patches
Vulnerability mechanics
References
1- github.com/blueness/sthttpd/issues/14nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.