Description
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array. Remote attackers can cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Remediation
References
Related Vulnerabilities
WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2101)
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)