CVE-2008-0983

Summary

CVE	CVE-2008-0983
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-02-26 18:44:00 UTC
Updated	2018-10-15 22:04:00 UTC
Description	lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Risk And Classification

Problem Types: CWE-399

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Lighttpd	Lighttpd	1.4.10	All	All	All
Application	Lighttpd	Lighttpd	1.4.11	All	All	All
Application	Lighttpd	Lighttpd	1.4.12	All	All	All
Application	Lighttpd	Lighttpd	1.4.13	All	All	All
Application	Lighttpd	Lighttpd	1.4.14	All	All	All
Application	Lighttpd	Lighttpd	1.4.15	All	All	All
Application	Lighttpd	Lighttpd	1.4.16	All	All	All
Application	Lighttpd	Lighttpd	1.4.17	All	All	All
Application	Lighttpd	Lighttpd	1.4.18	All	All	All
Application	Lighttpd	Lighttpd	1.4.7	All	All	All
Application	Lighttpd	Lighttpd	1.4.8	All	All	All
Application	Lighttpd	Lighttpd	1.4.9	All	All	All
Application	Lighttpd	Lighttpd	1.4.10	All	All	All
Application	Lighttpd	Lighttpd	1.4.11	All	All	All
Application	Lighttpd	Lighttpd	1.4.12	All	All	All
Application	Lighttpd	Lighttpd	1.4.13	All	All	All
Application	Lighttpd	Lighttpd	1.4.14	All	All	All
Application	Lighttpd	Lighttpd	1.4.15	All	All	All
Application	Lighttpd	Lighttpd	1.4.16	All	All	All
Application	Lighttpd	Lighttpd	1.4.17	All	All	All
Application	Lighttpd	Lighttpd	1.4.18	All	All	All
Application	Lighttpd	Lighttpd	1.4.7	All	All	All
Application	Lighttpd	Lighttpd	1.4.8	All	All	All
Application	Lighttpd	Lighttpd	1.4.9	All	All	All

References

Reference	Source	Link	Tags
SUSE Updates for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
issues.rpath.com/browse/RPL-2284	CONFIRM	issues.rpath.com
lighttpd: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
[SECURITY] Fedora 7 Update: lighttpd-1.4.18-3.fc7	FEDORA	www.redhat.com
lighttpd File Descriptor Array Denial of Service Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Patch, Vendor Advisory
Advisories:rPSA-2008-0084 - rPath Wiki	CONFIRM	wiki.rpath.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:08	SUSE	lists.opensuse.org
Fedora update for lighttpd - Advisories - Secunia	SECUNIA	secunia.com
Lighttpd - Bug #1562: sigsegv @ fdevent_get_handler - when congestion occurs, and file descriptor arrays is full. - lighty labs	CONFIRM	trac.lighttpd.net	Patch
Debian -- Security Information -- DSA-1609-1 lighttpd	DEBIAN	www.debian.org
[SECURITY] Fedora 8 Update: lighttpd-1.4.18-6.fc8	FEDORA	www.redhat.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Webmail \| OVH- OVH	VUPEN	www.vupen.com
rPath update for lighttpd - Advisories - Secunia	SECUNIA	secunia.com
Gentoo update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Debian update for lighttpd - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Lighttpd File Descriptor Array Remote Denial of Service Vulnerability	BID	www.securityfocus.com	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.