CVE-2021-26843

Name of the Vulnerable Software and Affected Versions: sthttpd versions prior to 2.27.1

Description: An issue in the de dotdot function can cause a Denial-of-Service (daemon crash) due to overlapping memory ranges being passed to memcpy when the strcpy function is implemented with memcpy. This can be triggered with an HTTP GET request for a crafted filename.

Recommendations: For versions prior to 2.27.1, update to version 2.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the de dotdot function to minimize the risk of exploitation.