{"id":"CVE-2017-10671","details":"Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.","modified":"2026-04-11T03:56:49.308966Z","published":"2017-06-29T08:29:00.217Z","references":[{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/06/15/9"},{"type":"FIX","url":"https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660"},{"type":"FIX","url":"https://github.com/blueness/sthttpd/releases/tag/v2.27.1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blueness/sthttpd","events":[{"introduced":"0"},{"fixed":"2845bf5bff2b820d2336c8c8061cbfc5f271e720"},{"fixed":"c0dc63a49d8605649f1d8e4a96c9b468b0bff660"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.27.1"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:56:49Z","vanir_signatures":[{"deprecated":false,"signature_version":"v1","target":{"file":"src/libhttpd.c"},"source":"https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660","signature_type":"Line","digest":{"line_hashes":["31622178336681743686303755056012371620","214863769995483382969825078872332022510","62992683728358547129517580158816060754","310969007111829704107366180939192588527"],"threshold":0.9},"id":"CVE-2017-10671-29b3bc57"},{"deprecated":false,"signature_version":"v1","target":{"function":"de_dotdot","file":"src/libhttpd.c"},"source":"https://github.com/blueness/sthttpd/commit/c0dc63a49d8605649f1d8e4a96c9b468b0bff660","signature_type":"Function","digest":{"function_hash":"64795455695707646306100003558705630774","length":1022},"id":"CVE-2017-10671-a63e0fd5"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10671.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}