{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T15:38:21.433","vulnerabilities":[{"cve":{"id":"CVE-2018-25103","sourceIdentifier":"cret@cert.org","published":"2024-06-17T18:15:12.650","lastModified":"2026-06-17T01:54:43.473","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests."},{"lang":"es","value":"Existen vulnerabilidades de uso después de liberación en el análisis de solicitudes de lighttpd &lt;= 1.4.50 que podrían leer de punteros inválidos a memoria utilizada en la misma solicitud, no de otras solicitudes."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"lighttpd","product":"lighttpd","versions":[{"version":"*","lessThanOrEqual":"1.4.50","versionType":"custom","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"lighttpd","product":"lighttpd","defaultStatus":"unknown","cpes":["cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"1.4.50","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-09-15T20:05:27.032213Z","id":"CVE-2018-25103","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf","source":"cret@cert.org"},{"url":"https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736","source":"cret@cert.org"},{"url":"https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8","source":"cret@cert.org"},{"url":"https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/312260","source":"cret@cert.org"},{"url":"https://www.runzero.com/blog/lighttpd/","source":"cret@cert.org"},{"url":"https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024002.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogvdoo.wordpress.com/2018/11/06/giving-back-securing-open-source-iot-projects/#more-736","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/lighttpd/lighttpd1.4/commit/d161f53de04bc826ce1bdaeb3dce2c72ca50a3f8","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/lighttpd/lighttpd1.4/commit/df8e4f95614e476276a55e34da2aa8b00b1148e9","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/312260","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.runzero.com/blog/lighttpd/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}