lighttpd 1.4.56

CPE Details

lighttpd 1.4.56
1.4.56
2022-06-14
11h39 +00:00
2022-06-15
11h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lighttpd:lighttpd:1.4.56:-:*:*:*:*:*:*

Informations

Vendor

lighttpd

Product

lighttpd

Version

1.4.56

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-41556 2022-10-05 22h00 +00:00 A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.
7.5
High
CVE-2022-30780 2022-06-11 12h40 +00:00 Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
7.5
High
CVE-2022-22707 2022-01-06 04h55 +00:00 In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
5.9
Medium