CVE Vulnerabilities

CVE-2013-4560

Use After Free

Published: Nov 20, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name Vendor Start Version End Version
Lighttpd Lighttpd * 1.4.33 (excluding)
Lighttpd Ubuntu lucid *
Lighttpd Ubuntu precise *
Lighttpd Ubuntu quantal *
Lighttpd Ubuntu raring *
Lighttpd Ubuntu saucy *
Lighttpd Ubuntu upstream *

Potential Mitigations

References