CVE-2008-0983

2008-02-2618:44:00

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

High

EPSS

0.1

Percentile

95.0%

JSON

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Affected configurations

Nvd

Node

lighttpdlighttpdMatch1.4.7

lighttpdlighttpdMatch1.4.8

lighttpdlighttpdMatch1.4.9

lighttpdlighttpdMatch1.4.10

lighttpdlighttpdMatch1.4.11

lighttpdlighttpdMatch1.4.12

lighttpdlighttpdMatch1.4.13

lighttpdlighttpdMatch1.4.14

lighttpdlighttpdMatch1.4.15

lighttpdlighttpdMatch1.4.16

lighttpdlighttpdMatch1.4.17

lighttpdlighttpdMatch1.4.18

VendorProductVersionCPE
lighttpdlighttpd1.4.7cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
lighttpdlighttpd1.4.8cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
lighttpdlighttpd1.4.9cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*
lighttpdlighttpd1.4.10cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
lighttpdlighttpd1.4.11cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
lighttpdlighttpd1.4.12cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
lighttpdlighttpd1.4.13cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
lighttpdlighttpd1.4.14cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
lighttpdlighttpd1.4.15cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
lighttpdlighttpd1.4.16cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lighttpd	lighttpd	1.4.7	cpe:2.3:a:lighttpd:lighttpd:1.4.7:::::::*
lighttpd	lighttpd	1.4.8	cpe:2.3:a:lighttpd:lighttpd:1.4.8:::::::*
lighttpd	lighttpd	1.4.9	cpe:2.3:a:lighttpd:lighttpd:1.4.9:::::::*
lighttpd	lighttpd	1.4.10	cpe:2.3:a:lighttpd:lighttpd:1.4.10:::::::*
lighttpd	lighttpd	1.4.11	cpe:2.3:a:lighttpd:lighttpd:1.4.11:::::::*
lighttpd	lighttpd	1.4.12	cpe:2.3:a:lighttpd:lighttpd:1.4.12:::::::*
lighttpd	lighttpd	1.4.13	cpe:2.3:a:lighttpd:lighttpd:1.4.13:::::::*
lighttpd	lighttpd	1.4.14	cpe:2.3:a:lighttpd:lighttpd:1.4.14:::::::*
lighttpd	lighttpd	1.4.15	cpe:2.3:a:lighttpd:lighttpd:1.4.15:::::::*
lighttpd	lighttpd	1.4.16	cpe:2.3:a:lighttpd:lighttpd:1.4.16:::::::*