CVE-2011-2900

Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011.

Published : 2011-08-05 21:55 Updated : 2017-08-29 01:29

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Shttpd Shttpd 1.42 cpe:/a:shttpd:shttpd:1.42
Valenok Mongoose 3.0 cpe:/a:valenok:mongoose:3.0
Yassl Yasslews 0.2 cpe:/a:yassl:yasslews:0.2
  1. Shttpd (1) Search CVE
    1. Shttpd (1) Search CVE
      1. 1.42
  2. Yassl (1) Search CVE
    1. Yasslews (1) Search CVE
      1. 0.2
  3. Valenok (1) Search CVE
    1. Mongoose (1) Search CVE
      1. 3.0

CWE

ID Name Description Links
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. CVE

History of changes

Date Event
2017-08-29 06:01
2011-08-05 21:55

New CVE