Unrated severityNVD Advisory· Published Feb 26, 2008· Updated Apr 23, 2026

CVE-2008-0983

Description

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

Affected products

Lighttpd/Lighttpd12 versions
cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:lighttpd:lighttpd:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:lighttpd:lighttpd:1.4.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000