CVE-2019-16279

HIGH

nostromo nhttpd < 1.9.6 - Denial of Service via SSL_accept Memory Error

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16279. PoCs published by ianxtianxt.

AI-analyzed exploit summary The repository contains a functional exploit script for CVE-2019-16279, which triggers a denial-of-service (DoS) condition by sending an excessive number of \r\n sequences to a target host and port. The exploit leverages a memory error in the target software, causing it to crash or refuse connections.

Description

A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.

Exploits (1)

nomisec WORKING POC
by ianxtianxt · poc
https://github.com/ianxtianxt/CVE-2019-16279

The repository contains a functional exploit script for CVE-2019-16279, which triggers a denial-of-service (DoS) condition by sending an excessive number of \r\n sequences to a target host and port. The exploit leverages a memory error in the target software, causing it to crash or refuse connections.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Unknown (likely a web server or service vulnerable to CRLF injection/memory corruption)
No auth needed
Prerequisites: Network access to the target host and port
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
http://www.nazgul.ch/dev/nostromo_cl.txt
Not Applicable x_refsource_misc
https://sp0re.sh
Exploit, Third Party Advisory x_refsource_misc
https://git.sp0re.sh/sp0re/Nhttpd-exploits

Scores

CVSS v3 7.5
EPSS 0.1980
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-22
Status published
Products (1)
nazgul/nostromo_nhttpd < 1.9.6
Published Oct 14, 2019
Tracked Since Feb 18, 2026