CVE-2008-4298

Description

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Software From Fixed in
lighttpd / lighttpd - 1.4.19.x
lighttpd / lighttpd 1.1.1 1.1.1.x
lighttpd / lighttpd 1.1.2 1.1.2.x
lighttpd / lighttpd 1.1.3 1.1.3.x
lighttpd / lighttpd 1.1.4 1.1.4.x
lighttpd / lighttpd 1.1.5 1.1.5.x
lighttpd / lighttpd 1.1.6 1.1.6.x
lighttpd / lighttpd 1.1.7 1.1.7.x
lighttpd / lighttpd 1.1.8 1.1.8.x
lighttpd / lighttpd 1.1.9 1.1.9.x
lighttpd / lighttpd 1.2.1 1.2.1.x
lighttpd / lighttpd 1.2.2 1.2.2.x
lighttpd / lighttpd 1.2.3 1.2.3.x
lighttpd / lighttpd 1.2.4 1.2.4.x
lighttpd / lighttpd 1.2.5 1.2.5.x
lighttpd / lighttpd 1.2.6 1.2.6.x
lighttpd / lighttpd 1.2.7 1.2.7.x
lighttpd / lighttpd 1.2.8 1.2.8.x
lighttpd / lighttpd 1.3.0 1.3.0.x
lighttpd / lighttpd 1.3.1 1.3.1.x
lighttpd / lighttpd 1.3.10 1.3.10.x
lighttpd / lighttpd 1.3.11 1.3.11.x
lighttpd / lighttpd 1.3.12 1.3.12.x
lighttpd / lighttpd 1.3.13 1.3.13.x
lighttpd / lighttpd 1.3.14 1.3.14.x
lighttpd / lighttpd 1.3.15 1.3.15.x
lighttpd / lighttpd 1.3.16 1.3.16.x
lighttpd / lighttpd 1.3.2 1.3.2.x
lighttpd / lighttpd 1.3.3 1.3.3.x
lighttpd / lighttpd 1.3.4 1.3.4.x
lighttpd / lighttpd 1.3.5 1.3.5.x
lighttpd / lighttpd 1.3.6 1.3.6.x
lighttpd / lighttpd 1.3.7 1.3.7.x
lighttpd / lighttpd 1.3.8 1.3.8.x
lighttpd / lighttpd 1.3.9 1.3.9.x
lighttpd / lighttpd 1.4.0 1.4.0.x
lighttpd / lighttpd 1.4.1 1.4.1.x
lighttpd / lighttpd 1.4.10 1.4.10.x
lighttpd / lighttpd 1.4.11 1.4.11.x
lighttpd / lighttpd 1.4.12 1.4.12.x
lighttpd / lighttpd 1.4.13 1.4.13.x
lighttpd / lighttpd 1.4.14 1.4.14.x
lighttpd / lighttpd 1.4.15 1.4.15.x
lighttpd / lighttpd 1.4.16 1.4.16.x
lighttpd / lighttpd 1.4.17 1.4.17.x
lighttpd / lighttpd 1.4.18 1.4.18.x
lighttpd / lighttpd 1.4.2 1.4.2.x
lighttpd / lighttpd 1.4.3 1.4.3.x
lighttpd / lighttpd 1.4.4 1.4.4.x
lighttpd / lighttpd 1.4.5 1.4.5.x
lighttpd / lighttpd 1.4.6 1.4.6.x
lighttpd / lighttpd 1.4.7 1.4.7.x
lighttpd / lighttpd 1.4.8 1.4.8.x
lighttpd / lighttpd 1.4.9 1.4.9.x