CVE-2018-25103 - Vulnerability Details - OpenCVE

There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Lighttpd	Lighttpd

No data.

No data.

References

Link	Providers
https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf
https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736
https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8
https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9
https://www.kb.cert.org/vuls/id/312260
https://www.runzero.com/blog/lighttpd/

History

Mon, 15 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lighttpd Lighttpd lighttpd
CPEs		cpe:2.3:a:lighttpd:lighttpd::::::::
Vendors & Products		Lighttpd Lighttpd lighttpd
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2024-06-17T18:02:57.162Z

Updated: 2025-09-15T20:05:35.756Z

Reserved: 2024-06-17T17:47:24.277Z

Link: CVE-2018-25103

Vulnrichment

Updated: 2024-08-05T12:33:49.277Z

NVD

Status : Awaiting Analysis

Published: 2024-06-17T18:15:12.650

Modified: 2024-11-21T04:03:34.090

Link: CVE-2018-25103

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2018-25103", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2024-06-17T17:47:24.277Z", "datePublished": "2024-06-17T18:02:57.162Z", "dateUpdated": "2025-09-15T20:05:35.756Z"}, "containers": {"cna": {"title": "Use-after-free vulnerabilities in lighttpd <= 1.4.50", "descriptions": [{"lang": "en", "value": "There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."}], "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Thanks to VDOO Embedded Security part of JFROG for reporting the vulnerability in the If-Modified-Since header with line folding, and thanks to Marcus Wengelin for reporting the vulnerability in the Range header with a specially crafted pair of Range headers.", "type": "finder"}], "affected": [{"vendor": "lighttpd", "product": "lighttpd", "versions": [{"status": "affected", "version": "*", "lessThanOrEqual": "1.4.50", "versionType": "custom"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-416: Use After Free"}]}], "references": [{"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"}, {"url": "https://www.runzero.com/blog/lighttpd/"}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"}, {"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"}, {"url": "https://www.kb.cert.org/vuls/id/312260"}], "x_generator": {"engine": "VINCE 3.0.4", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2018-25103"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-07-09T14:45:06.732Z"}}, "adp": [{"affected": [{"vendor": "lighttpd", "product": "lighttpd", "cpes": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.50", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-15T20:05:27.032213Z", "id": "CVE-2018-25103", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-15T20:05:35.756Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:33:49.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736", "tags": ["x_transferred"]}, {"url": "https://www.runzero.com/blog/lighttpd/", "tags": ["x_transferred"]}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9", "tags": ["x_transferred"]}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8", "tags": ["x_transferred"]}, {"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/312260", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736", "tags": ["x_transferred"]}, {"url": "https://www.runzero.com/blog/lighttpd/", "tags": ["x_transferred"]}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9", "tags": ["x_transferred"]}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8", "tags": ["x_transferred"]}, {"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf", "tags": ["x_transferred"]}, {"url": "https://www.kb.cert.org/vuls/id/312260", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:33:49.277Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-25103", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-15T20:05:27.032213Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"], "vendor": "lighttpd", "product": "lighttpd", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.50"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T20:32:04.936Z"}}], "cna": {"title": "Use-after-free vulnerabilities in lighttpd <= 1.4.50", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Thanks to VDOO Embedded Security part of JFROG for reporting the vulnerability in the If-Modified-Since header with line folding, and thanks to Marcus Wengelin for reporting the vulnerability in the Range header with a specially crafted pair of Range headers."}], "affected": [{"vendor": "lighttpd", "product": "lighttpd", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "1.4.50"}]}], "references": [{"url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"}, {"url": "https://www.runzero.com/blog/lighttpd/"}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"}, {"url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"}, {"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"}, {"url": "https://www.kb.cert.org/vuls/id/312260"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.4", "origin": "https://cveawg.mitre.org/api/cve/CVE-2018-25103"}, "descriptions": [{"lang": "en", "value": "There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2024-07-09T14:45:06.732Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25103", "state": "PUBLISHED", "dateUpdated": "2025-09-15T20:05:35.756Z", "dateReserved": "2024-06-17T17:47:24.277Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2024-06-17T18:02:57.162Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."}, {"lang": "es", "value": "Existe una vulnerabilidad de use-after-free en lighttpd <= 1.4.50 que puede permitir el acceso para realizar una comparaci\u00f3n que no distinga entre may\u00fasculas y min\u00fasculas con el puntero reutilizado."}], "id": "CVE-2018-25103", "lastModified": "2024-11-21T04:03:34.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-17T18:15:12.650", "references": [{"source": "cret@cert.org", "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"}, {"source": "cret@cert.org", "url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"}, {"source": "cret@cert.org", "url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"}, {"source": "cret@cert.org", "url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/312260"}, {"source": "cret@cert.org", "url": "https://www.runzero.com/blog/lighttpd/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/312260"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.runzero.com/blog/lighttpd/"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}