lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lighttpd | Lighttpd | 1.4.18 | 1.4.18 |
Lighttpd | Lighttpd | 1.4.8 | 1.4.8 |
Lighttpd | Lighttpd | 1.4.17 | 1.4.17 |
Lighttpd | Lighttpd | 1.4.11 | 1.4.11 |
Lighttpd | Lighttpd | 1.4.14 | 1.4.14 |
Lighttpd | Lighttpd | 1.4.10 | 1.4.10 |
Lighttpd | Lighttpd | 1.4.16 | 1.4.16 |
Lighttpd | Lighttpd | 1.4.12 | 1.4.12 |
Lighttpd | Lighttpd | 1.4.9 | 1.4.9 |
Lighttpd | Lighttpd | 1.4.7 | 1.4.7 |
Lighttpd | Lighttpd | 1.4.15 | 1.4.15 |
Lighttpd | Lighttpd | 1.4.13 | 1.4.13 |