#VU18331 Integer overflow in lighttpd - CVE-2019-11072

Cybersecurity Help s.r.o.

Published: 2019-04-24 | Updated: 2022-09-29

Vulnerability identifier: #VU18331

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-11072

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
lighttpd
Server applications / Web servers

Vendor: lighttpd

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to signed integer overflow when processing "/%2F?" characters in burl_normalize_2F_to_slash_fix() function in burl.c, when url-path-2f-decode option is enabled. A remote attacker can send a specially crafted HTTP GET request to the affected server, trigger integer overflow and crash the service.

Mitigation
Install updates from vendor's repository.

Vulnerable software versions

lighttpd: 1.4.1 - 1.4.53

External links
https://www.securityfocus.com/bid/107907
https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
https://redmine.lighttpd.net/issues/2945

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Integer overflow in lighttpd