Description
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2016-10397)
MediaWiki Improper Access Control Vulnerability (CVE-2016-6336)
Oracle Application Server CVE-2008-3986 Vulnerability (CVE-2008-3986)
WordPress Plugin Manual Image Crop Cross-Site Scripting (1.10)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-36129)