Description
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
References (2)
Core References
Third Party Advisory (x_refsource_misc): https://github.com/civetweb/civetweb/issues/633
Patch, Third Party Advisory (x_refsource_misc): https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552
Scores
CVSS v3: 7.1
EPSS: 0.0019
EPSS Percentile: 40.4%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE: CWE-125, CWE-200
Status: published
Products (1): civetweb_project/civetweb < 1.10
Published: Jun 22, 2018
Tracked Since: Feb 18, 2026