
Li Ming

[SECURITY] [DSA 1987-1] New lighttpd packages fix denial of service

Problem type   : remote
Debian-specific: no
Debian bug     : none
CVE ID         : CVE-2010-0295

Li Ming discovered that lighttpd, a small and fast webserver with minimal
memory footprint, is vulnerable to a denial of service attack due to bad
memory handling.  Slowly sending very small chunks of request data causes
lighttpd to allocate new buffers for each read instead of appending to
old ones.  An attacker can abuse this behaviour to cause denial of service
conditions due to memory exhaustion.

[ GLSA 201006-17 ] lighttpd: Denial of Service

     Package                /  Vulnerable  /               Unaffected
  1  www-servers/lighttpd      < 1.4.25-r1                >= 1.4.25-r1

Description
===========

Li Ming reported that lighttpd does not properly process packets that
are sent overly slowly.

Impact
======



