VYPR
Unrated severityNVD Advisory· Published Dec 24, 2011· Updated Jun 16, 2026

CVE-2011-4362

CVE-2011-4362

Description

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Lighttpd/Lighttpd3 versions
    cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*range: >=1.4.1,<1.4.30
    • cpe:2.3:a:lighttpd:lighttpd:1.5.0:*:*:*:*:*:*:*
    • (no CPE)range: <1.4.30 (1.4 branch) and <SVN r2806 (1.5 branch)
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.