CoreHTTP (up to and including version 0.5.3.1) employs an insufficient input validation method for handling HTTP requests with invalid method names and URIs. Specifically, the vulnerability is an off-by-one buffer overflow in the sscanf() call at file src/http.c line numbers 45 and 46.
7895bd2e72f372fafa55aa28a36ef0e28ef9cb2efb8c7b6720638cb0cee1feee
CoreHTTP web server versions 0.5.3.1 and below denial of service off-by-one buffer overflow exploit.
65231e993dfa5fa765ec91e8715353dbb412ec468c13dabaa55a1abdbb10d02e