Headline
CVE-2020-25691: sending an HTTP GET to a file with large modification date can cause a DoS
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
Description Marian Rehak 2020-11-02 13:13:34 UTC
Invalid error handling in function rfc1123_date in darkhttpd.c in darhttpd allows remote attackers to cause denial-of-service by accessing a file with large modification date
Comment 1 Marian Rehak 2021-07-21 11:05:29 UTC
Created darkhttpd tracking bugs for this issue:
Affects: epel-7 [bug 1984391] Affects: fedora-all [bug 1984389]
Comment 2 Product Security DevOps Team 2021-07-21 15:54:40 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Comment 3 Product Security DevOps Team 2021-07-21 21:54:42 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.