CVE-2017-17663
CRITICAL
mini_httpd < 1.28 and thttpd < 2.28 - Remote Code Execution via htpasswd Buffer Overflow
Title source: llm
Description
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.
References (1)
Core References
Third Party Advisory x_refsource_confirm
http://acme.com/updates/archive/199.html
Scores
CVSS v3
9.8
EPSS
0.0245
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
acme/mini_httpd
< 1.28
acme/thttpd
< 2.28
Published
Feb 06, 2018
Tracked Since
Feb 18, 2026