| Titre | Zaher1307 TinyWebServer >0.0.0 Stack-based Buffer Overflow |
|---|
| Description | TinyWebServer is a simple web server that combines many of the ideas such as process control, Unix I/O, the sockets interface, and HTTP.
This code is vulnerable to CWE-787: Out-of-bounds Write (Stack Buffer Overflow) due to the use of the unsafe sprintf() function in the client_error() function. The function processes a user-controlled HTTP request URI. When a file is not found (stat() returns -1), the error handling functionclient_error()is called with the filename (which contains the user-controlled URI) as the cause parameter. The function then uses sprintf() to format this unvalidated input into a fixed-size stack buffer linebuf[8192] without any boundary checking.
More details: https://github.com/Zaher1307/tiny_web_server/issues/1 |
|---|
| La source | ⚠️ https://github.com/Zaher1307/tiny_web_server |
|---|
| Utilisateur | ypuluzm (UID 95444) |
|---|
| Soumission | 11/02/2026 03:47 (il y a 3 mois) |
|---|
| Modérer | 21/02/2026 16:21 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 347312 [Zaher1307 tiny_web_server URL tiny_web_server/tiny.c buffer overflow] |
|---|
| Points | 20 |
|---|