CVE-2008-0983

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Affected Software

Name	Vendor	Start Version	End Version
Lighttpd	Lighttpd	1.4.7 (including)	1.4.7 (including)
Lighttpd	Lighttpd	1.4.8 (including)	1.4.8 (including)
Lighttpd	Lighttpd	1.4.9 (including)	1.4.9 (including)
Lighttpd	Lighttpd	1.4.10 (including)	1.4.10 (including)
Lighttpd	Lighttpd	1.4.11 (including)	1.4.11 (including)
Lighttpd	Lighttpd	1.4.12 (including)	1.4.12 (including)
Lighttpd	Lighttpd	1.4.13 (including)	1.4.13 (including)
Lighttpd	Lighttpd	1.4.14 (including)	1.4.14 (including)
Lighttpd	Lighttpd	1.4.15 (including)	1.4.15 (including)
Lighttpd	Lighttpd	1.4.16 (including)	1.4.16 (including)
Lighttpd	Lighttpd	1.4.17 (including)	1.4.17 (including)
Lighttpd	Lighttpd	1.4.18 (including)	1.4.18 (including)
Lighttpd	Ubuntu	dapper	*
Lighttpd	Ubuntu	devel	*
Lighttpd	Ubuntu	edgy	*
Lighttpd	Ubuntu	feisty	*
Lighttpd	Ubuntu	gutsy	*
Lighttpd	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0983
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References