There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | lighttpd | < 1.4.52-1 | lighttpd_1.4.52-1_all.deb |
Debian | 11 | all | lighttpd | < 1.4.52-1 | lighttpd_1.4.52-1_all.deb |
Debian | 10 | all | lighttpd | < 1.4.52-1 | lighttpd_1.4.52-1_all.deb |
Debian | 999 | all | lighttpd | < 1.4.52-1 | lighttpd_1.4.52-1_all.deb |
Debian | 13 | all | lighttpd | < 1.4.52-1 | lighttpd_1.4.52-1_all.deb |