Unrated severity · NVD Advisory · Published Jan 6, 2022 · Updated Aug 3, 2024
CVE-2022-22707
Description
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
Affected products (5)
- lighttpd/lighttpd (description)
- osv-coords, 3 versions:
  - pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP3
- (no CPE) range: < 1.4.64-bp153.2.3.1
- (no CPE) range: < 1.4.64-1.1
- (no CPE) range: < 1.4.64-bp153.2.3.1
References (2)
- www.debian.org/security/2022/dsa-5040 (mitre, vendor-advisory, x_refsource_DEBIAN)
- redmine.lighttpd.net/issues/3134 (mitre, x_refsource_MISC)