VYPR
Vendor

Sthttpd Project

Products
2
CVEs
3
Across products
4
Status
Private

Products

2

Recent CVEs

3
  • CVE-2017-10671HigJun 29, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.

  • CVE-2021-26843HigFeb 7, 2021
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET…

  • CVE-2013-0348Dec 13, 2013
    risk 0.00cvss epss 0.01

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.