| Title | Zaher1307 TinyWebServer >0.0.0 Stack-based Buffer Overflow |
|---|
| Description | TinyWebServer is a simple web server that combines many of the ideas such as process control, Unix I/O, the sockets interface, and HTTP.
This code is vulnerable to CWE-787: Out-of-bounds Write (Stack Buffer Overflow) due to the use of the unsafe sprintf() function in the client_error() function. The function processes a user-controlled HTTP request URI. When a file is not found (stat() returns -1), the error handling functionclient_error()is called with the filename (which contains the user-controlled URI) as the cause parameter. The function then uses sprintf() to format this unvalidated input into a fixed-size stack buffer linebuf[8192] without any boundary checking.
More details: https://github.com/Zaher1307/tiny_web_server/issues/1 |
|---|
| Source | ⚠️ https://github.com/Zaher1307/tiny_web_server |
|---|
| User | ypuluzm (UID 95444) |
|---|
| Submission | 02/11/2026 03:47 (3 months ago) |
|---|
| Moderation | 02/21/2026 16:21 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347312 [Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c out-of-bounds write] |
|---|
| Points | 20 |
|---|