PT-2011-4943 · Lighttpd+1
Jan Lieskovsky · Published 2011-12-24 · Updated 2024-06-15 · CVE-2011-4362
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
lighttpd versions 1.4 before 1.4.30
lighttpd versions 1.5 before SVN revision 2806
Description
The issue is caused by an integer signedness error in the base64 decode function within the HTTP authentication functionality. This error allows remote attackers to trigger a denial of service, resulting in a segmentation fault, by providing crafted base64 input that causes an out-of-bounds read with a negative index.
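The bug class described above, shown in its hardened form as an added example (this is not lighttpd's code; `b64_decode_checked`, `rev` and `build_table` are hypothetical names, and the input in `main` is constructed). The comment inside the loop marks where a signed index would go wrong:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int8_t rev[256];   /* 0..63 for alphabet bytes, -1 otherwise */
static int rev_ready;

static void build_table(void) {
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    memset(rev, -1, sizeof rev);
    for (int i = 0; i < 64; i++) rev[(unsigned char)alphabet[i]] = (int8_t)i;
    rev_ready = 1;
}

/* Returns decoded length, or -1 on malformed input or short buffer. */
long b64_decode_checked(const char *in, size_t len, unsigned char *out, size_t cap) {
    uint32_t acc = 0;
    int bits = 0;
    size_t i = 0, n = 0;
    if (!rev_ready) build_table();
    for (; i < len && in[i] != '='; i++) {
        /* Bug class: `int ch = in[i]; ... rev[ch]`. Where char is signed,
         * a byte >= 0x80 sign-extends to a negative index and reads
         * before the table. Index through unsigned char instead. */
        unsigned char ch = (unsigned char)in[i];
        int v = rev[ch];
        if (v < 0) return -1;               /* not in the alphabet */
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= cap) return -1;        /* output bound */
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    if (bits == 6 || len - i > 2) return -1; /* dangling char / excess padding */
    for (; i < len; i++)
        if (in[i] != '=') return -1;        /* data after padding */
    return (long)n;
}

int main(void) {
    unsigned char out[8];
    const char bad[] = { 'T', 'W', (char)0xFF, 'u' };  /* constructed input */
    printf("%ld %ld\n", b64_decode_checked("TWFu", 4, out, sizeof out),
           b64_decode_checked(bad, sizeof bad, out, sizeof out));
    return 0;
}
```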
Recommendations
For lighttpd versions 1.4 before 1.4.30, update to version 1.4.30 or later.
For lighttpd versions 1.5 before SVN revision 2806, update to SVN revision 2806 or later.
Exploit
Fix
Related identifiers
Affected products
Lighttpd
Suse