CVE-2018-25103

June 17, 2024, 6:15 p.m.

Product(s) Impacted

lighttpd

<= 1.4.50

Description

There exists a use-after-free-vulnerability in lighttpd <= 1.4.50 that can allow access to do a case-insensitive comparison against the reused pointer.

Weaknesses

Date

Published: June 17, 2024, 6:15 p.m.

Last Modified: June 17, 2024, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cret@cert.org

References

https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf

cret@cert.org

https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736

cret@cert.org

https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9

cret@cert.org

https://www.binarly.io/blog/lighttpd-gains-new-life

cret@cert.org

https://www.runzero.com/blog/lighttpd/

cret@cert.org

CVE-2018-25103

Tags

Product(s) Impacted

Description

Weaknesses

Date

Status : Received

Source

References

Share