CVE-2022-34037

Name of the Vulnerable Software and Affected Versions Caddy version 2.5.1

Description An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go allows attackers to cause a Denial of Service (DoS) via a crafted URI. This issue has been disputed as a bug, not a security vulnerability, and is believed to affect the client side of the request, potentially causing the server to return an empty reply instead of a valid HTTP response to the client.

Recommendations As a temporary workaround, consider disabling the rewrite function until a patch is available or the issue is otherwise resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.