CVE-2021-26843 log

Severity Medium
Remote Yes
Type Arbitrary code execution
An issue was discovered in sthttpd through 2.27.1. On systems where the strcpy function is implemented with memcpy, the de_dotdot function may cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy. This can triggered with an HTTP GET request for a crafted filename. NOTE: this is similar to CVE-2017-10671, but occurs in a different part of the de_dotdot function.
Group Package Affected Fixed Severity Status Ticket
AVG-1542 sthttpd 2.27.1-3 Medium Unknown