CVE-2008-0983
lighttpd - multiple DOS issues
EPSS 4.6%
Description
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
How to fix CVE-2008-0983
To remediate CVE-2008-0983, upgrade the affected package to one of the fixed versions listed below.
- Debian/lighttpd—upgrade to 1.4.18-2 or later
- Debian/lighttpd—upgrade to 1.4.13-4etch9 or later
Is CVE-2008-0983 being exploited?
Low — EPSS is 4.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/lighttpd: from 0, < 1.4.18-2
- Debian/lighttpd: from 0, < 1.4.13-4etch9