CVE-2018-25103

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-25103

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25103.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-25103

Related

UBUNTU-CVE-2018-25103

Published

2024-06-17T18:15:12Z

Modified

2025-01-15T01:34:45.352009Z

Summary

[none]

Details

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.

References

Affected packages

Debian:11 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.52-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.52-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / lighttpd

Package

Name: lighttpd
Purl: pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.52-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/lighttpd/lighttpd1.4

Affected ranges

Type: GIT
Repo: https://github.com/lighttpd/lighttpd1.4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8

Fixed

d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8

Fixed

df8e4f95614e476276a55e34da2aa8b00b1148e9

Fixed

df8e4f95614e476276a55e34da2aa8b00b1148e9

Affected versions

lighttpd-1.*

lighttpd-1.3.11

lighttpd-1.3.12

lighttpd-1.3.13

lighttpd-1.3.14

lighttpd-1.3.15

lighttpd-1.3.16

lighttpd-1.4.1

lighttpd-1.4.2

lighttpd-1.4.25

lighttpd-1.4.26

lighttpd-1.4.27

lighttpd-1.4.28

lighttpd-1.4.29

lighttpd-1.4.3

lighttpd-1.4.30

lighttpd-1.4.31

lighttpd-1.4.32

lighttpd-1.4.33

lighttpd-1.4.34

lighttpd-1.4.35

lighttpd-1.4.36

lighttpd-1.4.36--rc1

lighttpd-1.4.37

lighttpd-1.4.38

lighttpd-1.4.39

lighttpd-1.4.4

lighttpd-1.4.40

lighttpd-1.4.41

lighttpd-1.4.42

lighttpd-1.4.43

lighttpd-1.4.44

lighttpd-1.4.45

lighttpd-1.4.46

lighttpd-1.4.47

lighttpd-1.4.48

lighttpd-1.4.49

lighttpd-1.4.5

lighttpd-1.4.6

lighttpd-1.4.7