Denial of service under high load
===================================

 Description
-------------

lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly
calculate the size of a file descriptor array, which allows remote attackers to
cause a denial of service (crash) via a large number of connections, which
triggers an out-of-bounds access.

http://trac.lighttpd.net/trac/ticket/1562

 Affected versions
-------------------

all versions before 1.4.19

 Solutions or Workaround
-------------------------

There is no workaround. Upgrade to 1.4.19 or apply
lighttpd-1.4.x_high_load_dos.patch

This bug is tracked as CVE-2008-0983.