What is CVE-2011-2900?

CVE-2011-2900 is a vulnerability in Shttpd, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-08-05.

Is CVE-2011-2900 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Shttpd

CVE-2011-2900

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1…

Vulnerability class: Buffer Overflow

EPSS: 0.537 (98.0th percentile) — read the EPSS interpretation.

Affected products

Shttpd — versions 1.42
Valenok Mongoose — versions 3.0
Yassl Yasslews — versions 0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

FEDORA-2011-11823 (x_refsource_FEDORA, vendor-advisory)
48980 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
45464 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
45902 (x_refsource_SECUNIA, third-party-advisory)
FEDORA-2011-11825 (x_refsource_FEDORA, vendor-advisory)
mongoose-put-bo(68991) (vdb-entry, x_refsource_XF)
[oss-security] 20110803 CVE id request: shttpd/mongoose/yassl embedded webserver (mailing-list, x_refsource_MLIST, Patch)
8337 (x_refsource_SREASON, third-party-advisory)
FEDORA-2011-11636 (x_refsource_FEDORA, vendor-advisory)

Frequently asked questions

What is CVE-2011-2900?: CVE-2011-2900 is a vulnerability in Shttpd, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-08-05.
Is CVE-2011-2900 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.