CVE-2022-34037

Published: Jul 22, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrator's bad configuration containing a malformed request URI caused the server to return an empty reply instead of a valid HTTP response to the client.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/caddyserver/caddy/issues/4775

https://github.com/caddyserver/caddy/issues/4775#issuecomment-1203388116

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-34037

Description

Affected Products

References