← CVECheck
HomeVulnerabilities

CVE-2003-0899 — CRITICAL severity vulnerability (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2)

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.

CVE IDCVE-2003-0899
SeverityCRITICAL
CVSS score9.8
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWECWE-131
StatusModified
Published2003-11-03
Last modified2026-04-16
DescriptionBuffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →