Buffer Overflow in the URI parser of CivetWeb 1.16 (latest release as of yet).
The crash occurs here in src/civetweb.c during the last strcat marked.
See the pull request.
The PoC crashes the server performing an heap overflow, however it is possible to achieve remote code execution by crafting an exploit for this vulnerability.
cat http_request_crash_input.txt | nc 127.0.0.1 8080