DEBIAN-CVE-2011-4362

Source
https://security-tracker.debian.org/tracker/CVE-2011-4362
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2011-4362.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2011-4362
Upstream
Published
2011-12-24T19:55:05Z
Modified
2025-09-19T06:14:29Z
Summary
[none]
Details

Integer signedness error in the base64decode function in the HTTP authentication functionality (httpauth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.

References

Affected packages

Debian:11 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / lighttpd

Package

Name
lighttpd
Purl
pkg:deb/debian/lighttpd?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.30-1

Ecosystem specific

{
    "urgency": "low"
}