CVE-2017-10671

Name of the Vulnerable Software and Affected Versions sthttpd versions prior to 2.27.1

Description The issue is related to a Heap-based Buffer Overflow in the de dotdot function in libhttpd.c, which can be exploited by remote attackers using a crafted filename. This can cause a denial of service, resulting in the daemon crashing, or possibly have other unspecified impacts.

Recommendations For versions prior to 2.27.1, update to version 2.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the de dotdot function in libhttpd.c to minimize the risk of exploitation.