Vulnerability CVE-2020-13432


Published: 2020-06-08

Description:
rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | HFS Http File Server 2.3m Build 300 Buffer Overflow | hyp3rlinx | 08.06.2020
Med. | Known Vulnerable Component - Heap Corruption | malvuln | 04.04.2021

Type:
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

References:
http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt
https://github.com/rejetto/hfs2/commit/b8ebfc4e22948e1a61506cd66e397b61ea5ea5de
https://packetstormsecurity.com/files/157980/HFS-Http-File-Server-2.3m-Build-300-Buffer-Overflow.html
https://www.rejetto.com/hfs/?f=wn

Copyright 2024, cxsecurity.com

 
