CVE-2008-4298

EPSS 2.6%

lighttpd - various problems

Published: 9/27/2008Modified: 4/28/2026

Description

Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.

Affected packages (2)

Debian/lighttpdfrom 0, < 1.4.19-5
Debian/lighttpdfrom 0, < 1.4.13-4etch11

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-4298