CVE-2011-4362
lighttpd 1.4-1.4.29 - Denial of Service via Base64 Decode Integer Signedness Error
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-4362. PoCs published by pi3.
AI-analyzed exploit summary This exploit demonstrates an out-of-bounds read vulnerability in lighttpd's mod_auth due to improper handling of extended ASCII characters, leading to a potential Denial of Service (DoS). The PoC sends a crafted packet to trigger the vulnerability, causing the server to read memory out of bounds.
Description
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
Exploits (1)
This exploit demonstrates an out-of-bounds read vulnerability in lighttpd's mod_auth due to improper handling of extended ASCII characters, leading to a potential Denial of Service (DoS). The PoC sends a crafted packet to trigger the vulnerability, causing the server to read memory out of bounds.