CVE-2022-22707
Summary
| CVE | CVE-2022-22707 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-06 06:15:00 UTC |
| Updated | 2022-01-13 20:52:00 UTC |
| Description | In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-5040-1 lighttpd | DEBIAN | www.debian.org | |
| Bug #3134: mod_extforward plugin has out-of-bounds (OOB) write of 4-byte -1 - Lighttpd - lighty labs | MISC | redmine.lighttpd.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 178994 Debian Security Update for lighttpd (DSA 5040-1)
- 182253 Debian Security Update for lighttpd (CVE-2022-22707)
- 199198 Ubuntu Security Notification for lighttpd Vulnerabilities (USN-5903-1)
- 501425 Alpine Linux Security Update for lighttpd
- 504120 Alpine Linux Security Update for lighttpd
- 87543 Lighttpd server Denial of service (DoS) Vulnerability (CVE-2022-22707)