Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2012-5640

created 2 months ago Activity log

Created suggestion 2 months ago

thttpd has a local DoS vulnerability via specially-crafted .htpasswd files

thttpd has a local DoS vulnerability via specially-crafted .htpasswd files

References

https://security-tracker.debian.org/tracker/CVE-2012-5640 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5640 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/12/15/1 x_transferredx_refsource_MISC
Red Hat vendor-advisoryx_transferredx_refsource_REDHAT

Affected products

thttpd

==2012-12-15

Matching in nixpkgs

pkgs.thttpd

Tiny/turbo/throttling HTTP server

nixos-unstable 2.29
- nixpkgs-unstable 2.29
- nixos-unstable-small 2.29
nixos-25.11 2.29
- nixos-25.11-small 2.29
- nixpkgs-25.11-darwin 2.29

pkgs.althttpd

Althttpd webserver

nixos-unstable 0-unstable-2025-08-22
- nixpkgs-unstable 0-unstable-2025-08-22
- nixos-unstable-small 0-unstable-2025-08-22
nixos-25.11 0-unstable-2023-08-12
- nixos-25.11-small 0-unstable-2023-08-12
- nixpkgs-25.11-darwin 0-unstable-2023-08-12

Package maintainers

@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>