Unrated severityNVD Advisory· Published Dec 24, 2011· Updated Apr 29, 2026
CVE-2011-4362
CVE-2011-4362
Description
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
Affected products
5cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- blog.pi3.com.plnvdExploitThird Party Advisory
- download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txtnvdExploitPatchVendor Advisory
- redmine.lighttpd.net/issues/2370nvdExploitPatchVendor Advisory
- www.exploit-db.com/exploits/18295nvdExploitThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2011/11/29/13nvdExploitMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2011/11/29/8nvdExploitMailing ListPatchThird Party Advisory
- jvn.jp/en/jp/JVN37417423/index.htmlnvdThird Party Advisory
- secunia.com/advisories/47260nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2368nvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/71536nvdThird Party AdvisoryVDB Entry
- archives.neohapsis.com/archives/bugtraq/2011-12/0167.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.