CVE-2017-10671

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted filename.
Group Package Affected Fixed Severity Status Ticket
AVG-333 sthttpd 2.27.0-3 2.27.1-1 High Fixed
Date Advisory Group Package Severity Description
09 Feb 2018 ASA-201802-5 AVG-333 sthttpd High arbitrary code execution
References
https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660
http://seclists.org/oss-sec/2017/q2/481