Back to search
CVE-2022-22707
Published: Jan 6, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://redmine.lighttpd.net/issues/3134
x_refsource_MISC
DSA-5040
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now