5

CVE-2008-0983

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LighttpdLighttpd Version1.4.7
LighttpdLighttpd Version1.4.8
LighttpdLighttpd Version1.4.9
LighttpdLighttpd Version1.4.10
LighttpdLighttpd Version1.4.11
LighttpdLighttpd Version1.4.12
LighttpdLighttpd Version1.4.13
LighttpdLighttpd Version1.4.14
LighttpdLighttpd Version1.4.15
LighttpdLighttpd Version1.4.16
LighttpdLighttpd Version1.4.17
LighttpdLighttpd Version1.4.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.812
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29622
http://secunia.com/advisories/31104
http://www.debian.org/security/2008/dsa-1609
http://secunia.com/advisories/29066
Patch
Vendor Advisory
http://secunia.com/advisories/29166
http://secunia.com/advisories/29209
http://secunia.com/advisories/29268
http://security.gentoo.org/glsa/glsa-200803-10.xml
http://trac.lighttpd.net/trac/ticket/1562
Patch
http://wiki.rpath.com/Advisories:rPSA-2008-0084
http://www.securityfocus.com/archive/1/488926/100/0/threaded
http://www.securityfocus.com/bid/27943
Patch
http://www.vupen.com/english/advisories/2008/0659/references
https://issues.rpath.com/browse/RPL-2284
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00162.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00180.html