Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.36216
Percentile: 0.9693

CVSS Scoring

Mapped CWE(s)

• CWE-131 : Incorrect Calculation of Buffer Size

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:acme:thttpd:*:*:*:*:*:*:*:*
• cpe:2.3:a:acme:thttpd:2.23:-:*:*:*:*:*:*
• cpe:2.3:a:acme:thttpd:2.23:b1:*:*:*:*:*:*

← Back to Home