PT-2025-12854 · Atophttpd · Atophttpd
Published
2025-03-26
·
Updated
2025-03-26
·
CVE-2025-30742
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
atophttpd version 2.8.0
Description
The issue is caused by an off-by-one error in httpd.c, resulting in an out-of-bounds read. This occurs when a 1024-character req string is processed without a final '0' character.
Recommendations
For atophttpd version 2.8.0, consider updating to a newer version that addresses this issue, as the current version has a known off-by-one error and resultant out-of-bounds read.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Atophttpd