CVE-2008-0983

Published: Feb 26, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Affected (12)

Products: Lighttpd: Lighttpd

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Lighttpd Lighttpd	Version 1.4.10
Lighttpd Lighttpd	Version 1.4.11
Lighttpd Lighttpd	Version 1.4.12
Lighttpd Lighttpd	Version 1.4.13
Lighttpd Lighttpd	Version 1.4.14
Lighttpd Lighttpd	Version 1.4.15
Lighttpd Lighttpd	Version 1.4.16
Lighttpd Lighttpd	Version 1.4.17
Lighttpd Lighttpd	Version 1.4.18
Lighttpd Lighttpd	Version 1.4.7
Lighttpd Lighttpd	Version 1.4.8
Lighttpd Lighttpd	Version 1.4.9

Related CWEs

References (34)

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

Source: cve@mitre.org

http://secunia.com/advisories/29066

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/29166

Source: cve@mitre.org

http://secunia.com/advisories/29209

Source: cve@mitre.org

http://secunia.com/advisories/29268

Source: cve@mitre.org

http://secunia.com/advisories/29622

Source: cve@mitre.org

http://secunia.com/advisories/31104

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200803-10.xml

Source: cve@mitre.org

http://trac.lighttpd.net/trac/ticket/1562

Source: cve@mitre.org

Patch

http://wiki.rpath.com/Advisories:rPSA-2008-0084

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1609

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/488926/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/27943

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2008/0659/references

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-2284

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29066

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/29166

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29209

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29268

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29622

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31104

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200803-10.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://trac.lighttpd.net/trac/ticket/1562

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://wiki.rpath.com/Advisories:rPSA-2008-0084

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1609

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/488926/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27943

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2008/0659/references

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-2284

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.