CVE-2022-22707

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions lighttpd versions 1.4.46 through 1.4.63

Description The mod extforward Forwarded function of the mod extforward plugin in lighttpd has a stack-based buffer overflow, which can be exploited for remote denial of service (daemon crash) in a non-default configuration. This configuration requires handling of the Forwarded header in a somewhat unusual manner. Additionally, 32-bit systems are more likely to be affected than 64-bit systems.

Recommendations For lighttpd versions 1.4.46 through 1.4.63, consider disabling the mod extforward Forwarded function of the mod extforward plugin as a temporary workaround to minimize the risk of exploitation. Restrict access to the mod extforward plugin to reduce the likelihood of a daemon crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2022-1107

ALT-PU-2022-1198

ALT-PU-2022-2863

CVE-2022-22707

DSA-5040-1

MGASA-2022-0161

OESA-2022-1491

OPENSUSE-SU-2022:0024-1

OPENSUSE-SU-2024:11764-1

USN-5903-1

Affected Products

Alt Linux

Lighttpd

Linuxmint

Ubuntu

CVE-2022-22707

Weakness Enumeration

Related Identifiers

Affected Products

References · 31