Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability

Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Since the program is not setuid, this vulnerability does not have a local impact. However, this may be an issue if the software is called from a CGI script. An attacker may be able to supply malformed data to the program which will cause the overflow to occur.