| Title | Zaher1307 TinyWebServer >0.0.0 Stack-based Buffer Overflow |
|---|
| Description | TinyWebServer is a simple web server that combines many of the ideas such as process control, Unix I/O, the sockets interface, and HTTP. This code is vulnerable to CWE-787: Out-of-bounds Write (Stack Buffer Overflow) due to the use of the unsafe sprintf() function in the client_error() function. The function processes a user-controlled HTTP request URI. When a file is not found (stat() returns -1), the error handling function client_error() is called with the filename (which contains the user-controlled URI) as the cause parameter. The function then uses sprintf() to format this unvalidated input into a fixed-size stack buffer linebuf[8192] without any boundary checking. More details: https://github.com/Zaher1307/tiny_web_server/issues/1 |
|---|
| Source | ⚠️ https://github.com/Zaher1307/tiny_web_server |
|---|
| User | ypuluzm (UID 95444) |
|---|
| Submission | 11/02/2026 03:47 (3 months ago) |
|---|
| Moderation | 21/02/2026 16:21 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347312 [Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c buffer overflow] |
|---|
| Points | 20 |
|---|
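
The description above attributes the overflow to an unbounded `sprintf()` of the request URI into a fixed-size stack buffer. The following is an added example of a bounded replacement, not code from the tiny_web_server project or the report; the function names, the HTML format string and the 256-byte cap on the echoed URI are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERR_BUF   8192  /* buffer size quoted in the report */
#define MAX_CAUSE 256   /* assumed cap on how much of the URI is echoed back */

/* Pattern described in the report (unbounded, shown only for contrast):
 *     char buf[ERR_BUF];
 *     sprintf(buf, "<p>%s: %s</p>\r\n", longmsg, cause);
 */

/* Bounded formatter (hypothetical helper). Returns the number of bytes
 * written, excluding the NUL, or -1 if the arguments are invalid or the
 * full line would not fit in out. */
int format_error_line(char *out, size_t outsz,
                      const char *longmsg, const char *cause)
{
    if (out == NULL || outsz == 0 || longmsg == NULL || cause == NULL)
        return -1;
    /* %.*s caps the client-controlled field; snprintf caps the total. */
    int n = snprintf(out, outsz, "<p>%s: %.*s</p>\r\n",
                     longmsg, MAX_CAUSE, cause);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';  /* never hand back a silently truncated fragment */
        return -1;
    }
    return n;
}

/* Constructed input: a URI three times larger than the buffer. */
int demo_oversized_uri(void)
{
    static char uri[3 * ERR_BUF];
    char buf[ERR_BUF];
    memset(uri, 'A', sizeof uri - 1);
    uri[sizeof uri - 1] = '\0';
    return format_error_line(buf, sizeof buf, "Not found", uri);
}

int main(void)
{
    char small[16];
    printf("oversized uri -> %d bytes\n", demo_oversized_uri());
    printf("tiny buffer   -> %d\n",
           format_error_line(small, sizeof small, "Not found", "/x"));
    return 0;
}
```

Checking the `snprintf()` return value matters as much as the size argument: a return value greater than or equal to the buffer size means the output was truncated, and the caller should treat that as an error rather than send a partial response.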