CVE-2021-26843

CVE-2021-26843

An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.

Source: CVE-2021-26843

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다