CVE-2017-17663

CRITICAL

mini_httpd < 1.28 and thttpd < 2.28 - Remote Code Execution via htpasswd Buffer Overflow

Description

The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.

References (1)

Core References
Third Party Advisory x_refsource_confirm
http://acme.com/updates/archive/199.html

Scores

CVSS v3 9.8
EPSS 0.0245
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-119
Status published
Products (2)
acme/mini_httpd < 1.28
acme/thttpd < 2.28
Published Feb 06, 2018
Tracked Since Feb 18, 2026