CVE-2003-0899 — CRITICAL severity vulnerability (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2)
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.
| CVE ID | CVE-2003-0899 |
|---|---|
| Severity | CRITICAL |
| CVSS score | 9.8 |
| CVSS vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-131 |
| Status | Modified |
| Published | 2003-11-03 |
| Last modified | 2026-04-16 |
| Description | Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →