PT-2024-27287 · Lighttpd
Published 2024-05-22 · Updated 2024-07-09 · CVE-2024-3708
Severity rating: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
lighttpd versions prior to 1.4.51
Description
A remote attacker can craft an HTTP request that results in one of several outcomes:
- lighttpd accesses freed memory (a use-after-free), in which case the lighttpd process could be terminated or other non-deterministic behaviour could result
- a memory information disclosure occurs, which could be used to determine the state of memory and then, in theory, to bypass ASLR protections.
Recommendations
For versions prior to 1.4.51, update to version 1.4.51 or later to resolve the issue.
As a temporary workaround, consider restricting which clients can reach the server's HTTP endpoint to minimize the risk of exploitation.
Related Identifiers
Affected Products
Lighttpd