Unrated severityNVD Advisory· Published Sep 12, 2022· Updated Aug 3, 2024
CVE-2022-37797
CVE-2022-37797
Description
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- osv-coords5 versionspkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/lighttpd&distro=openSUSE%20Tumbleweedpkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP3pkg:rpm/suse/lighttpd&distro=SUSE%20Package%20Hub%2015%20SP4
< 1.4.66-bp154.2.3.1+ 4 more
- (no CPE)range: < 1.4.66-bp154.2.3.1
- (no CPE)range: < 1.4.66-bp154.2.3.1
- (no CPE)range: < 1.4.66-1.1
- (no CPE)range: < 1.4.66-bp154.2.3.1
- (no CPE)range: < 1.4.66-bp154.2.3.1
Patches
Vulnerability mechanics
References
4- security.gentoo.org/glsa/202210-12mitrevendor-advisory
- www.debian.org/security/2022/dsa-5243mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/10/msg00002.htmlmitremailing-list
- redmine.lighttpd.net/issues/3165mitre
News mentions
0No linked articles in our index yet.