CVE-2021-26843

Source
Severity Medium
Remote Yes
Type Denial of service
Description
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can be triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
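The safe pattern for the overlapping copy described above, as an added example that is not sthttpd's code: a hypothetical in-place path normalizer (`normalize_path`, with helper `shift_left`, both names assumed here) that shifts the tail of the buffer with memmove, which is defined for overlapping ranges, where strcpy and memcpy are not.

```c
#include <string.h>

/* Shift the NUL-terminated tail at src down to dst, where dst < src and both
 * point into the same buffer. The ranges overlap whenever the tail is longer
 * than the gap, so memmove is required; strcpy/memcpy are undefined here. */
static void shift_left(char *dst, const char *src)
{
    memmove(dst, src, strlen(src) + 1);   /* +1 carries the terminator */
}

/* Hypothetical normalizer for a request path (illustration only).
 * Collapses "//", drops "./" components, and folds "name/../" in place. */
char *normalize_path(char *file)
{
    char *cp, *cp2;

    /* Collapse any run of '/' into a single '/'. */
    while ((cp = strstr(file, "//")) != NULL) {
        for (cp2 = cp + 2; *cp2 == '/'; ++cp2)
            continue;
        shift_left(cp + 1, cp2);
    }

    /* Remove leading "./" and interior "/./". */
    while (strncmp(file, "./", 2) == 0)
        shift_left(file, file + 2);
    while ((cp = strstr(file, "/./")) != NULL)
        shift_left(cp, cp + 2);

    /* Alternate between stripping leading "../" and folding "name/../". */
    for (;;) {
        while (strncmp(file, "../", 3) == 0)
            shift_left(file, file + 3);
        if ((cp = strstr(file, "/../")) == NULL)
            break;
        /* Walk back to the start of the component before "/../". */
        for (cp2 = cp; cp2 > file && cp2[-1] != '/'; --cp2)
            continue;
        shift_left(cp2, cp + 4);
    }
    return file;
}
```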
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1542 | sthttpd | 2.27.1-3 | | Medium | Vulnerable | |
References
https://github.com/blueness/sthttpd/issues/14
https://github.com/blueness/sthttpd/blob/master/src/libhttpd.c#L2406