webfsd Buffer Overflow Vulnerability in request.c

Vulnerability

A buffer overflow vulnerability has been identified in webfsd version 1.21. This issue arises from the filename variable being accessed without proper length validation, allowing for out-of-bounds memory access. The vulnerability can be exploited by sending a crafted HTTP request with a very long URI, causing the server to crash. When the server is compiled with AddressSanitizer and UndefinedBehaviorSanitizer, it reports a stack-buffer-overflow error before aborting.
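One way to enforce the missing length validation, shown as an added example that is not webfsd's code: the function name, the 256-byte buffer size, the document root and the status-code mapping are all assumptions. It builds a filename from a document root and a request path and rejects any request that would not fit, before any byte is copied.

```c
#include <stdio.h>
#include <string.h>

#define FILENAME_BUF_SIZE 256 /* assumed size; not taken from webfsd */

enum { HTTP_OK = 200, HTTP_BAD_REQUEST = 400, HTTP_URI_TOO_LONG = 414 };

/*
 * Join doc_root and the request path into out[out_size].
 * Returns HTTP_OK on success. On any failure out holds "" and no byte
 * past out[out_size - 1] is written.
 */
int build_filename(char *out, size_t out_size,
                   const char *doc_root, const char *uri_path)
{
    size_t root_len, path_len;

    if (out == NULL || out_size == 0)
        return HTTP_BAD_REQUEST;
    out[0] = '\0';
    if (doc_root == NULL || uri_path == NULL || uri_path[0] != '/')
        return HTTP_BAD_REQUEST;

    root_len = strlen(doc_root);
    path_len = strlen(uri_path);

    /* Subtract rather than add, so the length check itself cannot wrap. */
    if (root_len >= out_size || path_len >= out_size - root_len)
        return HTTP_URI_TOO_LONG;

    memcpy(out, doc_root, root_len);
    memcpy(out + root_len, uri_path, path_len + 1); /* +1 copies the NUL */
    return HTTP_OK;
}

int main(void)
{
    char filename[FILENAME_BUF_SIZE];
    char long_uri[4096]; /* constructed sample: "/" followed by 4094 'A's */

    memset(long_uri, 'A', sizeof long_uri - 1);
    long_uri[0] = '/';
    long_uri[sizeof long_uri - 1] = '\0';

    printf("%d\n", build_filename(filename, sizeof filename, "/srv/www", "/index.html"));
    printf("%d\n", build_filename(filename, sizeof filename, "/srv/www", long_uri));
    return 0;
}
```

Returning a 414 status for the oversized request keeps the server process alive instead of letting the copy run past the stack buffer.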

Impact

Exploitation of this vulnerability leads to a remote, unauthenticated denial-of-service condition, causing the server process to crash.

Reproduction

The vulnerability can be reproduced by cloning the webfsd repository, checking out the affected version 1.21, and then building the server with AddressSanitizer and UndefinedBehaviorSanitizer enabled. After starting the server, a long HTTP request URI can be sent using curl, which will trigger the buffer overflow and cause the server to crash.

Added: Feb 12, 2026, 8:25 PM
Updated: Feb 12, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.