CVE-2022-30780

Name of the Vulnerable Software and Affected Versions Lighttpd versions 1.4.56 through 1.4.58

Description The issue allows a remote attacker to cause a denial of service due to CPU consumption from stuck connections. This is because a typo in the connection read header more function in connections.c disrupts the use of multiple read operations on large headers. An unauthorized attacker can send an HTTP request with a URL that exceeds the maximum URL length, leading to a denial of service.

Recommendations For versions 1.4.56 through 1.4.58, update to a version that fixes the typo in the connection read header more function to prevent the denial of service issue. As a temporary workaround, consider restricting the maximum allowed URL length to prevent exploitation until a patch is available.