FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lighttpd -- remote DoS in header parsing

Affected packages
1.4.30 < lighttpd < 1.4.32

Details

VuXML ID 1cd3ca42-33e6-11e2-a255-5404a67eef98
Discovery 2012-11-17
Entry 2012-11-21

Lighttpd security advisory reports:

Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive"

On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading the ',' again and again.

This bug was introduced in 1.4.31, when we fixed an "invalid read" bug (it would try to read the byte before the string if it started with ',', although the value wasn't actually used).

References

CVE Name CVE-2012-5533