CVE Vulnerabilities

CVE-2008-0983

Published: Feb 26, 2008 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Affected Software

Name Vendor Start Version End Version
Lighttpd Lighttpd 1.4.18 1.4.18
Lighttpd Lighttpd 1.4.8 1.4.8
Lighttpd Lighttpd 1.4.17 1.4.17
Lighttpd Lighttpd 1.4.11 1.4.11
Lighttpd Lighttpd 1.4.14 1.4.14
Lighttpd Lighttpd 1.4.10 1.4.10
Lighttpd Lighttpd 1.4.16 1.4.16
Lighttpd Lighttpd 1.4.12 1.4.12
Lighttpd Lighttpd 1.4.9 1.4.9
Lighttpd Lighttpd 1.4.7 1.4.7
Lighttpd Lighttpd 1.4.15 1.4.15
Lighttpd Lighttpd 1.4.13 1.4.13

References