CVE-2008-0983

Publication date 26 February 2008

Last updated 24 July 2024


Ubuntu priority

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.


Status

No maintained releases are affected by this CVE.

Package    Ubuntu Release     Status
lighttpd   7.10 gutsy         Fixed 1.4.18-1ubuntu1.1
lighttpd   7.04 feisty        Fixed 1.4.13-9ubuntu4.3
lighttpd   6.10 edgy          Fixed 1.4.13~r1370-1ubuntu1.4
lighttpd   6.06 LTS dapper    Fixed 1.4.11-3ubuntu3.6

Notes


jdstrand: per emgent, this is fixed with 90_maxfds_crash_fix