Description

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.

INFO

Published Date :

2024-06-17T18:02:57.162Z

Last Modified :

2025-09-15T20:05:35.756Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2018-25103 vulnerability.

Vendors Products
Lighttpd
  • Lighttpd
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2018-25103.

URL Resource
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf cve-icon cve-icon
https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736 cve-icon cve-icon
https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8 cve-icon cve-icon
https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9 cve-icon cve-icon
https://www.kb.cert.org/vuls/id/312260 cve-icon cve-icon
https://www.runzero.com/blog/lighttpd/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact